Auteur: Frank Richter Datum: Aan: exim-users Onderwerp: Re: [exim] exim-4.92: GSSAPI authenticator doesn't work
Am 20.06.19 um 20:03 schrieb Viktor Dukhovni via Exim-users: > On Thu, Jun 20, 2019 at 04:05:52PM +0200, Frank Richter via Exim-users wrote:
>
>> 4.91:
>> …
>> 17651 Initialised Cyrus SASL server connection; service="smtp"
>> fqdn="servername.tu-chemnitz.de" realm="NULL"
> What user is exim 4.91 running as when reading the keytab file?
> And which keytab file has the keys for "smtp/servername.tu-chemnitz.de"?
> What are the permissions on that file?
exim runs as user exim, keytab is standard /etc/krb5.keytab
-r--r----- 1 cyrus exim 1514 21. Dez 2015 /etc/krb5.keytab
No changes between 4.91 and 4.92, both tried on the same host.
Now, we build exim-4.92 with 2 files from 4.91:
./src/auths/cyrus_sasl.h
./src/auths/cyrus_sasl.c
And … gssapi with cyrus-sasl works!
So there are some changes breaking at least our setup.
Unfortunately a quick look at the diffs doesn't unveil the relevant changes
to our eyes.
[…] > GSS acceptors don't communicate with the KDC, only GSS clients talk
> to the KDC, the servers just consume tokens supplied by clients and
> their own keytab file.
Ok, thanks.
Frank
--
Frank Richter
Chemnitz University of Technology, Germany