Re: [exim] Smarthost with Kerberos Auth

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Andy Bennett
CC: exim-users
Subject: Re: [exim] Smarthost with Kerberos Auth
On 2013-01-06 at 09:18 +0000, Andy Bennett wrote:
> > Neither at present. The correct fix is to expand the heimdal_gssapi
> > authenticator to handle client-side authentication. This would be the
> > simplest, with fewer layers of abstraction to manipulate, and is newer
> > code (introduced with Exim 4.80).
>
> I'm running MIT Kerberos. Can heimdal_gssapi speak to that?


Almost. Per:

http://web.mit.edu/kerberos/krb5-1.3/README-1.3.1.txt

if you have MIT Kerberos of at least version 1.3, then you have the
functionality, but you'll need to change
`gsskrb5_register_acceptor_identity()` in the Exim source
(src/auths/heimdal_gssapi.c) to be
`krb5_gss_register_acceptor_identity()` instead.

I _think_ it's otherwise compatible. You might need to adjust include
header paths too -- I simply don't know.

If you see that working server-side, I can put some conditional
compilation in to alias the name for MIT.

-Phil