[OpenAFS] PAG's and MTA's

Nathan Ward nward@esphion.com
Fri, 29 Nov 2002 08:18:50 +1300


What I have done since I originally posted is hacked up courier sources to get a ticket, get a token, and deliver.
As it gets tickets and tokens, it dumps them to files.
It seems to deliver ok in the logs, but the files aren't going into the directories.
I have also changed some of the link() unlink() calls to rename().
I'm going to have to read some more about courier I think.

On Wed, 27 Nov 2002 22:02:30 -0500 (EST)
"Derrick J Brashear" <shadow@dementia.org> wrote:

> On Thu, 28 Nov 2002, Nathan Ward wrote:
> 
> > I am attempting to get the courier mta running on a server, storing mail into afs in Maildirs.
> > I have LDAP for nss.
> > Kerberos for authentication.
> > linux 2.4
> > 
> > I get permission denied errors when trying to drop mail into maildirs.
> > Courier is getting the correct home dir (/afs/alb-nz.esphion.com/user/nward) and uids.
> > I have run the courier startup script inside a pagsh, with the "mailerd/deliver" krb ticket and the mailerd.deliver AFS token.
> > mailerd.deliver has "l" perms on all home dirs, and rlw on Maildirs and below.
> 
> you'd probably want rliw, but as you say:
> 
> > I have tried setting perms to "all" also. No effect.
> > I have changed "maildrop" to rename() and not link().
> 
> ok, so:
> 
> > My different theorys are:
> > - Courier is trying setuid itself to "nward" (the user i'm delivering to) and not getting the afs tokens. Is that possible? I am logged in as nward on the machine, shouldn't afs use that user's tokens?
> > - Courier doesnt have the tokens for the mailerd.deliver afs user once it forks or something.
> 
> can you make it run a script which sends the output of tokens to a file?
> 
> 
> 
> 


-- 

Nathan Ward
System Administrator
Esphion Ltd.

PH:    +64 9 4142060      | EMail: nward@esphion.com
MOB:   +64 9 21 431675    | Web:   www.esphion.com

--

This message is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.