[exim] Note: GSSAPI issues with Heimdal

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Exim Users
Subject: [exim] Note: GSSAPI issues with Heimdal
Folks using GSSAPI auth,

Heimdal 1.4 put in some restrictions on honouring a value of
$KRB5_KTNAME inherited from the environment, which means that at present
there's no way to make Exim work with a non-default keytab file.

There's no way I know of, working through the SASL/GSSAPI layers, to
portably specify a distinct server keytab. That's *why* we have
$KRB5_KTNAME with Heimdal.

I'm looking for a solution, but in the meantime be wary of upgrading
Heimdal client libraries on your Exim servers, if you rely upon GSSAPI
authentication.
--
https://twitter.com/syscomet