On Wed, 2011-02-02 at 16:13 -0700, Trever L. Adams wrote:
#!/bin/sh
export KRB5_KTNAME=/etc/dovecot/krb5.keytab
exec /usr/local/libexec/dovecot/auth -k

I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME if auth_krb5_keytab was set in the configuration. I guess it was either ntlm specific or was not accepted.
It does set that, but only on first GSSAPI authentication. I guess it wouldn't hurt moving it to do it always. If that script helps you, I can do this change.
Postfix (the other half of my solution -- though the version I am using doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the configuration, to set what environment variables it should not unset and even define new ones (an example -- import_environment = KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for Dovecot specifically for things like this.
Maybe.. But there haven't really been all that many uses for it.