novaBBS - comp.protocols.kerberos - Re: Debugging why KRB5

Re: Debugging why KRB5_KTNAME isn't working

<mailman.13.1643308068.8148.kerberos@mit.edu>

https://www.novabbs.com/devel/article-flat.php?id=202&group=comp.protocols.kerberos#202

copy link Newsgroups: comp.protocols.kerberos

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: bri...@interlinx.bc.ca (Brian J. Murrell)
Newsgroups: comp.protocols.kerberos
Subject: Re: Debugging why KRB5_KTNAME isn't working
Date: Thu, 27 Jan 2022 13:27:07 -0500
Organization: TNet Consulting
Lines: 35
Message-ID: <mailman.13.1643308068.8148.kerberos@mit.edu>
References: <4f4a71e295df1a7aa4e53475af50164af7cbe86a.camel@interlinx.bc.ca>
<202201271803.20RI3uW0023229@hedwig.cmf.nrl.navy.mil>
<0d9c6ad8baa23118afb18a9ff82e9ff99a85d7cb.camel@interlinx.bc.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: 7bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="15261"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Evolution 3.42.3 (3.42.3-1.fc35)
To: <kerberos@mit.edu>
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=j/u/mgNKfFzTzjxWOCeIDrolWJmmZZmQQlk85y2pm7w2cF93pHOLgctMac3R0DltY7kIZLtMCh8b42Q5K/jG92aDncl4m8qPW62us8X7Rp8lf2n9uA1uR4ktRYf/PMZUE5+C7JE30q8vGd+s1q/xWA7NjxTc2rJUHN648G2O9Ts2hZpC0v1uUJCTOZ+DqP5/EYB2a0KaCn2upUyYWEFOkIBaULoi74/Xa2NOuvwXRQgyqozuRBj+9AJKsfI3G/l3y8xPl4ns8F+Gik8xELEYW/Q2pNNWCWf/2qNG4nqbDiTOfZkfqA+fp3Y26T1ZVKGnbKMV0aEQsXjfAW9q099tDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=bq37p4iq7JioyqYRd5/XqICzAN8Qkx39GpPnT8iXrpk=;
b=PfK6m8ymeYFCPJuoGTcYxYo6XAXX3qpe5d/64zqtbKJ1QLxh4D9UFpvSFFCXgK4jFH2QjCmmJpf3ExUR8YdZLBieCWfMyVQjlTL/1HrckYX4JJSfRgXBfXUxei754UkZBkub5dftZNOKzT5+I9dA48odhLqnKlN+5yTJxtmfwSEL7rAN4V/lCP/rLQrBA2JL8u+Xk0lsJ9fGGcL5k8AvcvxEBEy9x/LPgQkjNLQKmLTXtaeZd5HtjX1IgxkmnrttvK6LgFsFlYdsKBZLYpIYO+6OcKMepqc5dQ/ft4RUeRgwZ7gGWxmUNGBAm0XSVmBLHIt8AQ+6oe1tD4h0gBbfcg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
69.165.217.196) smtp.rcpttodomain=mit.edu smtp.mailfrom=interlinx.bc.ca;
dmarc=bestguesspass action=none header.from=interlinx.bc.ca; dkim=none
(message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=bq37p4iq7JioyqYRd5/XqICzAN8Qkx39GpPnT8iXrpk=;
b=ARZF1IDeWz4PkN3dLiaB5BCLx/wujljNmCO+9wAJvAS2lVzuXtahSKPjxYApljUdFpoWJKFpwFNQirwJP0CoQaJlOLIGZB5oQLgX5/a2ZmGN23B4kwXppbx4VMzTNC5ZYE66wlhBdTaP449yVNZyNoL5VkgDv+kHr14DwKlGMXc=
Authentication-Results: spf=pass (sender IP is 69.165.217.196)
smtp.mailfrom=interlinx.bc.ca; dkim=none (message not signed)
header.d=none;dmarc=bestguesspass action=none header.from=interlinx.bc.ca;
Received-SPF: Pass (protection.outlook.com: domain of interlinx.bc.ca
designates 69.165.217.196 as permitted sender)
receiver=protection.outlook.com; client-ip=69.165.217.196;
helo=server.interlinx.bc.ca;
In-Reply-To: <202201271803.20RI3uW0023229@hedwig.cmf.nrl.navy.mil>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7885432a-0b44-4137-628f-08d9e1c2a356
X-MS-TrafficTypeDiagnostic: MWHPR01MB3262:EE_
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam-PRVS: <MWHPR01MB3262FA8DF25ECD1F323BFB32F8219@MWHPR01MB3262.prod.exchangelabs.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: HhN8lECAM3/zyf2hFUEBdf/6ntoht62nJX01FUiQUYfFQsfJztEA5UVG9h6LGLX3l3K637Dx2bVcTE/gZHd5nuAqXxwsjltRT3qbM9tyefB2Iq6/aDQjjv50aInb3PpgbFOY8prWL8HoEn0RXe/euvhAnBdRk4LtwEGA02lWhkBki/c/pJG1zWuA3+H0zLUOaNab5NwUMvph27DFk8c3bVoyilK4vKHmr1X1jQV9BCCvh3iDd8hE7EIdMdPvidGK9rKY7WIOyT0VQC4f5JRiQvKz/9lLFEj6E8u2nae4F0f2mXpJXwfy3BCe1JJPrmMkwwTB/WEzf/vvK+jKcF4V5SMQi6cIFS+EehjmeSRkxezLyg8IyS6VmiUsdkOa15bsi8lybUTVcCZ28LQIDICqMsDnzigtOoN6VURRvELNyEHnmPtgGX9lnPqJKTSW0CNixpbqFMr0fVPJhqEgF+9nt8yqr7Xr+SQTGoyQf5xPeXRb5ffkHIjmlEJpSGIrsz+nzgz5oJ2ZEvom1hqi+HtoZzNE1mTi+G16ikghkh4ha8wkveoCPM6JVlLuo+hlIGI5lKeiPxOVvKP84R1pR7Qr+0IXAQJ0TUv3zEzyJWwZeKSLUuWQbZ1Vxt5UVhMrCSSh
X-Forefront-Antispam-Report: CIP:69.165.217.196; CTRY:CA; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:server.interlinx.bc.ca; PTR:mail.interlinx.bc.ca;
CAT:NONE;
SFS:(13230001)(4636009)(6966003)(26005)(83380400001)(5660300002)(86362001)(2616005)(508600001)(336012)(8676002)(34206002)(6266002)(68406010)(426003)(70586007)(356005)(36756003)(786003)(316002)(2906002)(7636003)(20210929001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jan 2022 18:27:12.7857 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7885432a-0b44-4137-628f-08d9e1c2a356
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT049.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB3262
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <0d9c6ad8baa23118afb18a9ff82e9ff99a85d7cb.camel@interlinx.bc.ca>
X-Mailman-Original-References: <4f4a71e295df1a7aa4e53475af50164af7cbe86a.camel@interlinx.bc.ca>
<202201271803.20RI3uW0023229@hedwig.cmf.nrl.navy.mil>

by: Brian J. Murrell - Thu, 27 Jan 2022 18:27 UTC

On Thu, 2022-01-27 at 13:03 -0500, Ken Hornstein wrote:
>
>
> Is it possible Postfix is clearing out the environment at startup?

As anything, I suppose it is possible. It would be doing so in
violation of exactly the purpose of the mechanism that is being used to
set the environment though. Meaning, the environment is not just being
set by the caller and Postfix is clearing it as a matter of good
housekeeping. The variable is actually being specified in a for-
purpose Postfix configuration mechanism. This mechanism is
specifically defined to set environment variables in Postfix processes.

I will ask the Postfix mailing list in any case.

> a very brief
> test suggests to me that "environ" contains the environment at
> process
> start and modification of the current environment isn't reflected
> there,

That's the result of my testing too. I must admit to being a little
surprised at that though. Seems to significantly diminish the
purpose/usefulness of that particular /proc entry.

> so if Postfix was resetting the environment you wouldn't know it

Indeed.

I wonder if you can suggest a simple test that would verify/demonstrate
the functionality of the KRB5_KTNAME env. var. that I can use in my
problem report to the Postfix devs.

Cheers,
b.

Your good nature will bring unbounded happiness.

devel / comp.protocols.kerberos / Re: Debugging why KRB5_KTNAME isn't working

devel / comp.protocols.kerberos / Re: Debugging why KRB5_KTNAME isn't working

Subject	Author
Re: Debugging why KRB5_KTNAME isn't working	Brian J. Murrell