On Tue, Jul 3, 2012 at 12:29 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > On Tue, Jul 03, 2012 at 03:20:44PM -0400, Wietse Venema wrote: > >> > I thought this was working for me, but only due to a manual keytab I >> > had setup as user postfix (default /tmp/krb5cc_89) for testing. For >> > some reason postfix is not importing the two kerberos variables. >> > postconf only reports environment as the first line of variables >> > ending with LANG=C which can also be obtained by leaving the >> > import_environment out altogether: >> >> You run postconf by hand. Therefore it shows main.cf settings. > > The fault is mine I think. The import_environment setting is > only processed by: > > postmulti(1) > postfix(1) > postdrop(1) > postqueue(1) > master(8) > > The invidual services in master.cf don't support overrides of > import_environment. So the OP should modify my recipe to just set > the global import_environment, rather than the non-working more > surgical "krb5_import_environment". I tried to be more clever > without testing the "improved" recipe. What I used in the past was > the global variant.
This works now. Just for the sake of completeness I have tickets and keytabs directory one directory lower in /var/spool/postfix as that was the postfix home directory on my Redhat system. Directory permissions of 700 postfix:root and file permissions of 600 postfix:postfix appear to work for the tickets and the keytab. Steve
