[Dovecot] auth_krb5_keytab ignored ?
Leon Meßner
l.messner at physik.tu-berlin.de
Tue Jun 12 21:56:13 EEST 2012
On Mon, Jun 11, 2012 at 05:51:24PM +0200, Leon Meßner wrote:
> On Mon, Jun 11, 2012 at 06:26:57PM +0300, Timo Sirainen wrote:
> > On 11.6.2012, at 17.43, Leon Meßner wrote:
> >
> > >> import_environment = TZ GDB DEBUG_SILENT KRB5_KTNAME
> > >>
> > >> KRB5_KTNAME=/etc/mail3.krb5.keytab dovecot
> > >>
> > >> I'm wondering if the code in mech-gssapi.c that sets KRB5_KTNAME
> > >> environment is being called too late.
> > >
> > > It's still looking inside the default krb5.keytab .
> >
> > Which Kerberos library are you using? Maybe it doesn't support this way of giving the keytab.
>
> I'm using the stock FreeBSD 8.2-RELEASE one which is heimdal-1.1.0 .
> I will update the machine to 8.3 (which is the latest release in 8.x),
Updating and recompiling did not help. I don't know where to look for
the problem though. If I use the kerberos utilities with KRB5_KTNAME the
environment variable is being picked up ok.
19:22_root at mail3:/usr/ports/mail/dovecot# KRB5_KTNAME=/etc/mail3.krb5.keytab ktutil list
/etc/mail3.krb5.keytab:
Vno Type Principal
1 des-cbc-crc imap/mail3.physik-pool.tu-berlin.de at PCPOOL.PHYSIK.TU-BERLIN.DE
1 des-cbc-md4 imap/mail3.physik-pool.tu-berlin.de at PCPOOL.PHYSIK.TU-BERLIN.DE
1 des-cbc-md5 imap/mail3.physik-pool.tu-berlin.de at PCPOOL.PHYSIK.TU-BERLIN.DE
1 des3-cbc-sha1 imap/mail3.physik-pool.tu-berlin.de at PCPOOL.PHYSIK.TU-BERLIN.DE
19:34_root at mail3:/usr/ports/mail/dovecot# KRB5_KTNAME=/etc/mail3.krb5.keytab kinit -k imap/mail3.physik-pool.tu-berlin.de
19:39_root at mail3:/usr/ports/mail/dovecot# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: imap/mail3.physik-pool.tu-berlin.de at PCPOOL.PHYSIK.TU-BERLIN.DE
Issued Expires Principal
Jun 12 19:39:11 Jun 13 05:39:11 krbtgt/PCPOOL.PHYSIK.TU-BERLIN.DE at PCPOOL.PHYSIK.TU-BERLIN.DE