On 2013-05-23 at 03:00 +0200, Jaap Winius wrote: > To finally answer my own question of 2011-04-08, yes you can (I'm > still using MIT Kerberos, but now with Debian wheezy and Exim 4.80), > the section above is correct, and besides a working Kerberos client > (using k5start to regularly renew the host ticket) and a few extra > library packages (one or all three of libsasl2-2, libsasl2-modules and > libsasl2-modules-gssapi-mit), all I was missing was a properly set > environment variable that Exim needs to find its keytab file. I used > the following: > > export KRB5_KTNAME="/etc/exim4/exim.keytab" > > All I did was append this line to /etc/default/exim4; a text file that > is sourced by /etc/init.d/exim4 every time this script is run. Oh, and > that keytab file is where I saved the keys for > smtp/[email protected] -- not in the host keytab file, > /etc/krb5.keytab (that's for host/[email protected]). > > It works like a charm.
I'm glad to hear it, and to get a success report for MIT Kerberos: thank you. In the meantime, Heimdal changed their libraries to ignore the environment variable for setuid programs. So we now have the `heimdal_gssapi` authentication driver, as of Exim 4.80. If you have a test environment which you can play with, I'd be interested in knowing if that driver works with MIT at all, or if the extension truly is Heimdal-specific. Regards, -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
