Ok, Thank you for these useful clarifications
Samuel
Le lun. 4 oct. 2021 à 17:27, Viktor Dukhovni <postfix-us...@dukhovni.org> a
écrit :
> On Mon, Oct 04, 2021 at 04:34:39PM +0200, Sam R wrote:
>
> > Now it's working fine!
> >
> > I finally succeeded. I worked around by increasing only the value of the
> > line_length_limit option to 12288 ( same value as the default for
> > smtpd_sasl_response_limit )
>
> That's the right thing to do when the client is not honouring the
> initial response length limits of the SASL RFC.
>
> > And create a specific keytab file containing the SPN
> (/etc/postfix/smtp.keytab )
>
> That works, but I would put the file in ${data_directory} (typically
> somewhere under /var). The files in /etc/postfix are all supposed to be
> root-owned.
>
> > But I haven't thought about why the Kerberos ticket size is too big.
> Maybe
> > I should ask the question about the samba list?
>
> That's normal for Windows AD and Samba, because tickets issued by
> Windows KDCs (and Samba which is just an implementation of the Windows
> server stack on Unix) contain a "PAC" with the full list of group SIDs
> the user belongs to. These lists can be long.
>
> --
> Viktor.
>
