On Mon, Jul 01, 2013 at 03:18:03PM -0400, Erinn Looney-Triggs wrote:
> relayhost = smtp.myserver.com
> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
> smtp_tls_session_cache_database =
> btree:${data_directory}/smtp_tls_session_cache
> smtp_tls_security_level = may
> import_environment =
> MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ LANG=C
> KRB5CCNAME=${data_directory}/kerberos/cache
This sets the ticket cache to "/var/lib/postfix/kerberos/cache"
Keep in mind that credential caches have a type, which should not
generally be left out, use:
KRB5CCNAME=FILE:${data_directory}/krb5_ccache
> A cronjob that is working and confirmed on the client:
> @reboot kinit -c /var/lib/postfix/cache -k -t /etc/keytabs/smtp.keytab
> SMTP/$(uname -n)
> * 0-23/4 * * * kinit -c /var/lib/postfix/cache -k -t
> /etc/keytabs/smtp.keytab SMTP/$(uname -n)
This places tickets in "/var/lib/postfix/cache", which is different
from your environment, use:
* 0-23/4 * * * kinit -c FILE:/var/lib/postfix/krb5_ccache -k -t
/etc/keytabs/smtp.keytab smtp/$(uname -n)
The GSSAPI service name for SMTP is "smtp" (just like in /etc/services)
not "SMTP". The principal in the keytab must also be lower case.
> I have tried relocating the cache to /var/spool/postfix/kerberos without
> it making a difference.
Postfix reads the credential cache as "postfix". Do the cron jobs run
as "postfix" or as "root"?
> There has to be something I am missing here. Suggestions?
Multiple problems.
- Missing ccache type
- Inconsistent ccache name
- Possibly wrong ccache owner
- Wrong service name in keytab
--
Viktor.
