[Dovecot] [Solved] Kerberos GSSAPI - proper item name in keytab
Stanislav Klinkov
klinkov at yandex.ru
Thu Sep 1 16:53:36 EEST 2011
OK, gentlemen.

I have found the source of the problem. It appears to be very unexpected.

My testing stand was deployed on an OpenVZ-based virtual machine with
a Venet interface on board. Here are references to the OpenVZ documentation:
http://wiki.openvz.org/Virtual_network_device
http://wiki.openvz.org/Differences_between_venet_and_veth

By design, the venet interface corresponds to a loopback interface with one
or more aliases and very foxy routing rules. For example, in Debian it
looks like this:
************** ifconfig output ****************
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:134666 (131.5 KiB) TX bytes:134666 (131.5 KiB)

venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:160164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106318 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:155480098 (148.2 MiB) TX bytes:17449831 (16.6 MiB)

venet0:0  Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.9.36 P-t-P:192.168.9.36 Bcast:0.0.0.0 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
************************************************

In the config file it looks like this:
*********** /etc/network/interfaces *********
# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 0
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual

auto venet0:0
iface venet0:0 inet static
    address 192.168.9.36
    netmask 255.255.255.255
*********************************************

For most cases this type of emulation works fine. But this time either
the krb5 libs, or dovecot, or someone else could not correctly define the
hostname. So, one of them (I believe that it was the krb5 libs) was unable to
compare the proper IP with the proper stanza in the keytab. And neither explicit
"listen" nor "auth_gssapi_hostname" directives were helpful.

So, I changed the equipped emulated interface from "Venet" to the more "brute"
Veth, and everything flies up.

Thank you all very much for such an interesting discussion. I shall
describe this situation in my howto's and known issues archive, for others.

In other words, my trouble is totally OpenVZ-specific. So, I may pretend
to be the first who bumped into it.

And then, there is a second question.
Can there be a way to continue using this crafty venet interface, but
force the krb5 libs to look up the desired IP?

Respectfully,
Stanislav Klinkov.
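
A diagnostic for the kind of mismatch described in the message above, as an added example that is not part of the original post: it lists the names a host resolves to and checks each against the principals in plain `klist -k` output. The `imap` service name, the `example.com` names and the sample keytab listing are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the principals listed in plain `klist -k` output read from stdin.
principals_in_klist() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /@/ { print $2 }' | sort -u
}

# Names the host may present: its FQDN and the reverse lookup of each IP given.
# On a venet container, compare the answer for 127.0.0.1 with the venet0:0 IP.
host_candidates() {
    hostname -f
    for ip in "$@"; do getent hosts "$ip" | awk '{ print $2 }'; done
}

# check_candidates SERVICE KLIST_OUTPUT_FILE NAME...
# Prints OK or MISSING per name; returns 1 if any name has no principal.
check_candidates() {
    service=$1; klist_file=$2; shift 2; rc=0
    for name in "$@"; do
        # MIT krb5 lowercases the host part when it builds a service principal.
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if principals_in_klist < "$klist_file" |
            awk -v p="$service/$lname@" 'index($0, p) == 1 { f = 1 } END { exit !f }'
        then echo "OK $service/$lname"
        else echo "MISSING $service/$lname"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: klist -k output for a keytab holding one imap principal.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------
   2 imap/mail.example.com@EXAMPLE.COM
EOF
# A host that answers to its FQDN on one path and to localhost on another.
check_candidates imap "$sample" mail.example.com localhost || true
rm -f "$sample"
```

On a live host, save `klist -k` output for the keytab in use to a file and pass `$(host_candidates 192.168.9.36 127.0.0.1)` as the names to check.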