[OpenAFS] PAG's and MTA's

Nathan Ward nward@esphion.com
Thu, 28 Nov 2002 13:17:59 +1300


I am attempting to get the Courier MTA running on a server, storing mail into AFS in Maildirs.
I have LDAP for nss.
Kerberos for authentication.
Linux 2.4

I get permission denied errors when trying to drop mail into maildirs.
Courier is getting the correct home dir (/afs/alb-nz.esphion.com/user/nward) and uids.
I have run the courier startup script inside a pagsh, with the "mailerd/deliver" krb ticket and the mailerd.deliver AFS token.
mailerd.deliver has "l" perms on all home dirs, and rlw on Maildirs and below.
I have tried setting perms to "all" also. No effect.
I have changed "maildrop" to rename() and not link().

My different theories are:
- Courier is trying to setuid itself to "nward" (the user I'm delivering to) and not getting the AFS tokens. Is that possible? I am logged in as nward on the machine; shouldn't AFS use that user's tokens?
- Courier doesn't have the tokens for the mailerd.deliver AFS user once it forks or something.

Thoughts?

-- 

Nathan Ward
System Administrator
Esphion Ltd.

PH:    +64 9 4142060      | EMail: nward@esphion.com
MOB:   +64 9 21 431675    | Web:   www.esphion.com
