On Mon, Oct 04, 2021 at 04:34:39PM +0200, Sam R wrote:
> Now it's working fine!
>
> I finally succeeded. I worked around by increasing only the value of the
> line_length_limit option to 12288 ( same value as the default for
> smtpd_sasl_response_limit )
That's the right thing to do when the client is not honouring the
initial response length limits of the SASL RFC.
> And create a specific keytab file containing the SPN
> (/etc/postfix/smtp.keytab )
That works, but I would put the file in ${data_directory} (typically
somewhere under /var). The files in /etc/postfix are all supposed to be
root-owned.
> But I haven't thought about why the Kerberos ticket size is too big. Maybe
> I should ask the question about the samba list?
That's normal for Windows AD and Samba, because tickets issued by
Windows KDCs (and Samba which is just an implementation of the Windows
server stack on Unix) contain a "PAC" with the full list of group SIDs
the user belongs to. These lists can be long.
--
Viktor.
