[Pkg-exim4-users] SMTP AUTH with GSSAPI problems (exim4-4.94.2-7 on bullseye) – solved
Frank Richter
frank.richter at hrz.tu-chemnitz.de
Mon Sep 12 14:05:53 BST 2022
>
> I'm porting an MTA with exim from RHEL 7.X (exim-4.94.2) to Debian 11
> bullseye (I'm new to Debian and this list …). No big deal so far, I'm
> using exim4-daemon-heavy 4.94.2-7 with just a large /etc/exim4/exim4.conf
>
> Now I've got a problem to get SMTP AUTH with GSSAPI running. I'm using
> cyrus_sasl authenticator (heimdal_gssapi seems to be not available):
>
> begin authenticators
> …
> gssapi:
> driver = cyrus_sasl
> public_name = GSSAPI
> server_set_id = $auth1
>
> I've a separate keytab file: /etc/krb5.keytab.exim (read rights for user
> Debian-exim)
>
> I had on RHEL – in /etc/sysconfig/exim:
> KRB5_KTNAME=/etc/krb5.keytab.exim
>
> In Debian I added to /etc/default/exim4
>
> KRB5_KTNAME="/etc/krb5.keytab.exim"
>
> Trying to send an e-mail with GSSAPI I get:
>
> rejectlog: 2022-08-22 15:33:02 gssapi authenticator (GSSAPI): Cyrus SASL
> username fetch problem: generic failure
> mainlog: 2022-08-22 15:33:02 gssapi authenticator failed for
> troi.hrz.tu-chemnitz.de [2001:638:911:12c:134:109:142:70]: 535 Incorrect
> authentication data
>
> Starting exim daemon with: KRB5_KTNAME="/etc/krb5.keytab.exim" exim -bd
> -d-all+auth
> works as expected!
> So the KRB5_KTNAME from /etc/default/exim4 doesn't get in exim's
> environment when started via systemd.
> Can anybody help how to do it right?
I added to /etc/default/exim4:
export KRB5_KTNAME="/etc/krb5.keytab.exim"
This solved my problem – GSSAPI works as expected.
Frank
--
Frank Richter
Chemnitz University of Technolgy, Germany
More information about the Pkg-exim4-users
mailing list