Re: [Dovecot] Variable krb5 cache location
On Sun, 2007-11-25 at 20:24 +0100, Roland Hopferwieser wrote:
First I want to thank you for this great software. Second, I think it could be a good idea to give the user the chance to change the location for the kerberos V cache, so there is no potentially conflict with other processes. With external refreshment of the krb5 cache, I use the cache also for authentication against the LDAP server with the gssapi. Please find attached a little diff file to dovecot 1.0.7.
Looks ok, but I hate to add new settings to dovecot.conf nowadays since there are already too many. Also then there would be two Kerberos-related settings that simply set environment variables. I'm beginning to think that maybe something more generic is needed, such as:
auth default { .. environment { krb5_ktname = .. krb5ccname = ... who_knows_what_else_in_future = .. } }
I think LDAP library also can accept settings from environment.
Anyone on mailing list have better ideas?
"TS" == Timo Sirainen tss@iki.fi writes:
TS> I'm beginning to think that maybe something more generic is
TS> needed, such as:
TS> auth default {
TS> ..
TS> environment {
TS> krb5_ktname = ..
TS> krb5ccname = ...
TS> who_knows_what_else_in_future = ..
TS> }
TS> }
TS> I think LDAP library also can accept settings from environment.
TS> Anyone on mailing list have better ideas?I'm certainly not going to claim this is a better idea.
Instead of explicitly setting the environment vars from dovecot.conf how about instead have a mechanism for listing those vars that are acceptable to pass through from the invoking environment.
participants (2)
-
pod
-
Timo Sirainen