Re: [exim] exim-4.92: GSSAPI authenticator doesn't work

Top Pagina
Delete this message
Reply to this message
Auteur: Frank Richter
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] exim-4.92: GSSAPI authenticator doesn't work
Am 20.06.19 um 20:03 schrieb Viktor Dukhovni via Exim-users:
> On Thu, Jun 20, 2019 at 04:05:52PM +0200, Frank Richter via Exim-users wrote:
>
>> 4.91:
>> …
>> 17651 Initialised Cyrus SASL server connection; service="smtp"
>> fqdn="servername.tu-chemnitz.de" realm="NULL"
> What user is exim 4.91 running as when reading the keytab file?
> And which keytab file has the keys for "smtp/servername.tu-chemnitz.de"?
> What are the permissions on that file?


exim runs as user exim, keytab is standard /etc/krb5.keytab
-r--r----- 1 cyrus exim 1514 21. Dez 2015  /etc/krb5.keytab

No changes between 4.91 and 4.92, both tried on the same host.

Now, we build exim-4.92 with 2 files from 4.91:

./src/auths/cyrus_sasl.h
./src/auths/cyrus_sasl.c

And … gssapi with cyrus-sasl works!
So there are some changes breaking at least our setup.
Unfortunately a quick look at the diffs doesn't unveil the relevant changes
to our eyes.

[…]
> GSS acceptors don't communicate with the KDC, only GSS clients talk
> to the KDC, the servers just consume tokens supplied by clients and
> their own keytab file.


Ok, thanks.

Frank

--
Frank Richter
Chemnitz University of Technology, Germany