Exim 4 and GSSAPI
Simon Josefsson
simon at josefsson.org
Thu Nov 14 20:30:35 GMT 2024
Andreas Metzler <ametzler at bebt.de> writes:
> On 2024-11-14 "Ing. Tomáš Kala" <kala at barbucha.eu> wrote:
> [...]
>> I still looking for a guide, how to set up Exim 4 with GSSAPI
>> authentication, but all I've found, is too old. The method is mentioned
>> only. The Wiki page <https://github.com/Exim/exim/wiki/Authentication> does
>> provide information about GSSAPI neither. What Kerberos is supported? MIT or
>> Heimdal?
>
> Both. https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_heimdalgssapi_authenticator.html
>
> Debian's exim binary packages do not have either of them enabled, you
> would need to compile the binary yourself.
That's somewhat challenging? Today libgsasl doesn't link with
MIT/Heimdal by default, but instead opens them via dlopen() through
libgssglue, maybe it would be acceptable for exim in debian to support
GSSAPI via gsasl this way? I think this was discussed before with some
argument that mixing Cyrus SASL and GNU SASL in the same binary was a
problem, but I don't understand that argument. To me it is like saying
mixing libz and libzstd in the same binary is problematic.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-users/attachments/20241114/eef25ee3/attachment.sig>
More information about the Pkg-exim4-users
mailing list