[exim-dev] [Bug 2501] fix missing parentheses in heimdal_gss…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2501] fix missing parentheses in heimdal_gssapi.c
https://bugs.exim.org/show_bug.cgi?id=2501

--- Comment #3 from unki@??? ---
> Is it operational with your build?


Hi Jeremy!

I've successfully compiled it on Debian Buster (Exim v4.93 + Heimdal v7.5.0).
The libraries seem to get correctly linked into /usr/sbin/exim4.

unki@gna:~$ ldd /usr/sbin/exim4  | grep -iE '(gssap|heim)'
    libgssapi.so.3 => /lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007f4c65851000)
    libgssapi_krb5.so.2 => /lib/x86_64-linux-gnu/libgssapi_krb5.so.2
(0x00007f4c64a7b000)
    libheimntlm.so.0 => /lib/x86_64-linux-gnu/libheimntlm.so.0
(0x00007f4c64a6f000)
    libheimbase.so.1 => /lib/x86_64-linux-gnu/libheimbase.so.1
(0x00007f4c6492a000)


"exim4 -bV" reports the authenticator as well.

Authenticators: cram_md5 cyrus_sasl dovecot heimdal_gssapi plaintext spa tls


But this authenticator-config - I use the same on Debian Stretch with
custom-built Exim v4.89 for years - does not get accepted by v4.93:


gssapi_auth:
driver = heimdal_gssapi
public_name = GSSAPI
server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}}
server_keytab = /etc/exim4/krb5.keytab
server_hostname = ${primary_hostname}
server_service = smtp


unki@gna:/etc/exim4$ sudo /usr/sbin/exim4 -C
/var/lib/exim4/config.autogenerated.tmp -bV -d+all
...

09:38:34 27025 cwd=/etc/exim4 5 args: /usr/sbin/exim4 -C
/var/lib/exim4/config.autogenerated.tmp -bV -d+all
09:38:34 27025 trusted user
09:38:34 27025 admin user
09:38:34 27025 changed uid/gid: privilege not needed
09:38:34 27025 uid=108 gid=114 pid=27025
09:38:34 27025 auxiliary group list: 114
09:38:34 27025 seeking password data for user "mail": cache not available
09:38:34 27025 getpwnam() succeeded uid=8 gid=8
09:38:34 27025 heimdal: using keytab file:/etc/exim4/krb5.keytab
09:38:34 27025 heimdal: keytab principal: smtp/gna.netshadow.net@???
vno=1 type=aes256-cts-hmac-sha1-96
... (more keytab principals)...
09:38:34 27025 LOG: PANIC DIE
09:38:34 27025 Exim configuration error in line 914 of
/var/lib/exim4/config.autogenerated.tmp:
09:38:34 27025 extra characters follow driver name cram_md5
09:38:34 27025 search_tidyup called
09:38:34 27025 >>>>>>>>>>>>>>>> Exim pid=27025 () terminating with rc=1
>>>>>>>>>>>>>>>>



Above line 914 (cram_md5 authenticator) is the above stanza of gssapi_auth
authenticator. I've I comment it out, the config validates again.

And I've verified - it's not a permission problem on the keytab-file.

--
You are receiving this mail because:
You are on the CC list for the bug.