Folks using GSSAPI auth,
Heimdal 1.4 put in some restrictions on honouring a value of
$KRB5_KTNAME inherited from the environment, which means that at present
there's no way to make Exim work with a non-default keytab file.
There's no way I know of, working through the SASL/GSSAPI layers, to
portably specify a distinct server keytab. That's *why* we have
$KRB5_KTNAME with Heimdal.
I'm looking for a solution, but in the meantime be wary of upgrading
Heimdal client libraries on your Exim servers, if you rely upon GSSAPI
authentication.
--
https://twitter.com/syscomet
