[OpenAFS] PAG's and MTA's

Derrick J Brashear shadow@dementia.org
Wed, 27 Nov 2002 22:02:30 -0500 (EST)


On Thu, 28 Nov 2002, Nathan Ward wrote:

> I am attempting to get the Courier MTA running on a server, storing mail into AFS in Maildirs.
> I have LDAP for nss.
> Kerberos for authentication.
> Linux 2.4
> 
> I get permission denied errors when trying to drop mail into maildirs.
> Courier is getting the correct home dir (/afs/alb-nz.esphion.com/user/nward) and uids.
> I have run the courier startup script inside a pagsh, with the "mailerd/deliver" krb ticket and the mailerd.deliver AFS token.
> mailerd.deliver has "l" perms on all home dirs, and rlw on Maildirs and below.

you'd probably want rliw, but as you say:

> I have tried setting perms to "all" also. No effect.
> I have changed "maildrop" to rename() and not link().

ok, so:

> My different theories are:
> - Courier is trying to setuid itself to "nward" (the user I'm delivering to) and not getting the AFS tokens. Is that possible? I am logged in as nward on the machine, shouldn't AFS use that user's tokens?
> - Courier doesn't have the tokens for the mailerd.deliver AFS user once it forks or something.

can you make it run a script which sends the output of tokens to a file?
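
One way to do the check suggested above, as an added example that is not part of the original thread: a wrapper that appends the output of `id` and `tokens` to a log file and then runs the real delivery command, so both theories (setuid to the recipient, tokens lost after a fork) can be read off the log. The script name, `TOKEN_LOG` and `TOKENS_CMD` are assumptions made for this sketch; `tokens` is the OpenAFS command the reply refers to.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. TOKENS_CMD and TOKEN_LOG are
# hypothetical knobs; `tokens` is the OpenAFS command named in the reply.
TOKENS_CMD="${TOKENS_CMD:-tokens}"

# snapshot_tokens LOGFILE LABEL
# Appends the process identity and the AFS token list to LOGFILE.
# Always returns 0 so a failed snapshot never makes a delivery fail.
snapshot_tokens() {
    st_log="$1"
    st_label="$2"
    st_old_umask=$(umask)
    umask 077                   # a newly created log is readable by its owner only
    {
        echo "=== $st_label pid=$$ at $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
        echo "id: $(id)"        # shows whether the process now runs as the recipient
        if st_out=$($TOKENS_CMD 2>&1); then
            echo "$st_out"
        else
            echo "tokens failed (exit $?): $st_out"
        fi
    } >> "$st_log" || :
    umask "$st_old_umask"
    return 0
}

# Wrapper mode (hypothetical usage):
#   TOKEN_LOG=/var/log/courier/tokens.log token-snapshot.sh /path/to/real-deliver args...
# TOKEN_LOG should live on local disk in a directory that is not world-writable.
if [ "$#" -gt 0 ]; then
    if [ -n "${TOKEN_LOG:-}" ]; then
        snapshot_tokens "$TOKEN_LOG" "before $1"
    fi
    exec "$@"
fi
```

Comparing a snapshot taken in the startup script with one taken at delivery time shows where the uid changes or the token list goes empty.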