[Dovecot] LDAP and GSSAPI problems
Timo Sirainen
tss at iki.fi
Thu Feb 3 01:17:02 EET 2011
On Wed, 2011-02-02 at 16:13 -0700, Trever L. Adams wrote:
> > #!/bin/sh
> > export KRB5_KTNAME=/etc/dovecot/krb5.keytab
> > exec /usr/local/libexec/dovecot/auth -k
> I thought I saw a patch on the mailing list in 2007 that set KRB5_KTNAME
> if auth_krb5_keytab was set in the configuration. I guess it was either
> ntlm specific or was not accepted.
It does set that, but only on first GSSAPI authentication. I guess it
wouldn't hurt moving it to do it always. If that script helps you, I can
do this change.
> Postfix (the other half of my solution -- though the version I am using
> doesn't do SASL LDAP yet, but 2.9.x does) allows you, in the
> configuration, to set what environment variables it should not unset and
> even define new ones (an example -- import_environment =
> KRB5_KTNAME=/etc/dovecot/krb5.keytab). This may be a good solution for
> Dovecot specifically for things like this.
Maybe.. But there haven't really been all that many uses for it.
More information about the dovecot
mailing list