[Pkg-exim4-users] SMTP AUTH with GSSAPI problems (exim4-4.94.2-7 on bullseye)
Frank Richter
frank.richter at hrz.tu-chemnitz.de
Mon Aug 22 15:31:55 BST 2022
Hello,
I'm porting an MTA with exim from RHEL 7.X (exim-4.94.2) to Debian 11
bullseye (I'm new to Debian and this list …). No big deal so far, I'm using
exim4-daemon-heavy 4.94.2-7 with just a large /etc/exim4/exim4.conf
Now I've got a problem to get SMTP AUTH with GSSAPI running. I'm using
cyrus_sasl authenticator (heimdal_gssapi seems to be not available):
begin authenticators
…
gssapi:
driver = cyrus_sasl
public_name = GSSAPI
server_set_id = $auth1
I've a separate keytab file: /etc/krb5.keytab.exim (read rights for user
Debian-exim)
I had on RHEL – in /etc/sysconfig/exim:
KRB5_KTNAME=/etc/krb5.keytab.exim
In Debian I added to /etc/default/exim4
KRB5_KTNAME="/etc/krb5.keytab.exim"
Trying to send an e-mail with GSSAPI I get:
rejectlog: 2022-08-22 15:33:02 gssapi authenticator (GSSAPI): Cyrus SASL
username fetch problem: generic failure
mainlog: 2022-08-22 15:33:02 gssapi authenticator failed for
troi.hrz.tu-chemnitz.de [2001:638:911:12c:134:109:142:70]: 535 Incorrect
authentication data
Starting exim daemon with: KRB5_KTNAME="/etc/krb5.keytab.exim" exim -bd
-d-all+auth
works as expected!
So the KRB5_KTNAME from /etc/default/exim4 doesn't get in exim's environment
when started via systemd.
Can anybody help how to do it right?
Thanks in advance,
Frank
--
Frank Richter
Chemnitz University of Technolgy, Germany
More information about the Pkg-exim4-users
mailing list