Am 20.06.19 um 20:03 schrieb Viktor Dukhovni via Exim-users:
On Thu, Jun 20, 2019 at 04:05:52PM +0200, Frank Richter via Exim-users wrote:4.91: … 17651 Initialised Cyrus SASL server connection; service="smtp" fqdn="servername.tu-chemnitz.de" realm="NULL"What user is exim 4.91 running as when reading the keytab file? And which keytab file has the keys for "smtp/servername.tu-chemnitz.de"? What are the permissions on that file?
exim runs as user exim, keytab is standard /etc/krb5.keytab -r--r----- 1 cyrus exim 1514 21. Dez 2015 /etc/krb5.keytab No changes between 4.91 and 4.92, both tried on the same host. Now, we build exim-4.92 with 2 files from 4.91: ./src/auths/cyrus_sasl.h ./src/auths/cyrus_sasl.c And … gssapi with cyrus-sasl works! So there are some changes breaking at least our setup.Unfortunately a quick look at the diffs doesn't unveil the relevant changes to our eyes.
[…]
GSS acceptors don't communicate with the KDC, only GSS clients talk to the KDC, the servers just consume tokens supplied by clients and their own keytab file.
Ok, thanks. Frank -- Frank Richter Chemnitz University of Technology, Germany
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
