On Thu, 2022-01-27 at 15:34 -0500, Brian J. Murrell wrote: > On Thu, 2022-01-27 at 20:31 +0100, Jochen Kellner wrote: > > > > I once configured postfix to uses sasl: > > > > main.cf:83:smtpd_sasl_auth_enable = yes > > I do have that already. > > > And inĀ /etc/postfix/sasl/smtpd.conf: > > Hrm. I don't have this file. But I never did and this all worked > prior to a few days ago when the machine was upgraded from EL7 to EL8, > which unsurprisingly upgrades a lot of things in big jumps. So maybe > this is now necessary. > > Ahh. Looking at smtpd's strace output, it seems it's looking in > /etc/sasl2/smtpd.conf on my machine and I do have that file with: > > pwcheck_method: saslauthd > mech_list: gssapi plain login > > > keytab: /etc/smtp.keytab > > And indeed, winner winner, chicken dinner! Adding a "keytab: > /etc/postfix/smtp.keytab" to that file is making smtpd use the correct > keytab file now. > > So this must all be new behavior in some upgraded versions.
The keytab option for the cyrus-sasl gssapi plugin is somewhat new (considering that RHEL-8 is almost 3 years old now) and is probably causing the change in behavior wrt environment variables that you are experiencing. -- Simo Sorce RHEL Crypto Team Red Hat, Inc ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
