I am trying to debug why having KRB5_KTNAME set in the environment of a process is not actually making that process use that keytab file but instead is using the default /etc/krb5.keytab.
The process is Postfix's SMTP deamon (smtpd). I have confirmed that the method of setting the environment variable is working: # ps -ef | grep smtpd postfix 3726845 3515138 0 11:56 ? 00:00:00 smtpd -n smtp -t inet -u -o stress= -s 2 # tr '\0' '\n' < /proc/3726845/environ KRB5_KTNAME=/etc/postfix/smtp.keytab KRB5_CLIENT_KTNAME=/etc/postfix/smtp.keytab KRB5_TRACE=/tmp/smtpd_krb5_trace GENERATION=55 However when looking at what the process is actually trying to open with strace, it's clear that it's not using /etc/postfix/smtp.keytab: # grep keytab /tmp/smtpd.strace6 3726845 openat(AT_FDCWD, "/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) 3726845 openat(AT_FDCWD, "/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) As you can see, I did attempt to try to trace the kerberos library with KRB5_TRACE=/tmp/smtpd_krb5_trace but that file does not actually get anything written to it: -rwxrwxrwx. 1 root root 0 Jan 27 11:27 smtpd_krb5_trace and the above strace doesn't show any sign of trying to open or even stat the file: # grep smtpd_krb5_trace /tmp/smtpd.strace6 [nothing] Kerberos version appears to be MIT 1.18.2. Any thoughts/ideas? Cheers, b. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
