|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: GSSAPI Authentication
ms419
freezone.co.uk
Date: Fri Jan 02 2004 - 03:51:12 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Aren't some files, such as "/etc/hosts", automatically copied into the
jail when they are out of date? How can I make the keytab one of these?
My kerberos knowledge is also limited, but I gather that the keytab
should not be world readable. However, though it is readable by the
user postfix, postfix complains:
7063 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
How come?
Thanks for all your help,
Jack
On Jan 2, 2004, at 12:58 AM, Andreas Winkelmann wrote:
> Am Freitag, 2. Januar 2004 07:13 schrieb ms419freezone.co.uk:
>
>> Aha! I didn't understand what "chroot'ed" meant ... Now I gather that,
>> because "smtpd" DOES run "chroot'ed", it looks for
>> "/var/spool/postfix/etc/krb5.keytab", which doesn't exist.
>>
>> SO, my options appear to be, 1) not running "smtpd" "chroot'ed", or 2)
>> creating "/var/spool/postfix/etc/krb5.keytab". I've tried to discover
>> how the files in "/var/spool/postfix" are maintained ... What must I
>> do
>> to ensure "/var/spool/postfix/etc/krb5.keytab" is kept current with
>> "/etc/krb5.keytab"?
>
> I would prefer 1) ;-) But my Kerberos-Knowledge is not really good. It
> is only
> updated/changed after you run manually "ktutil"? So after this copy
> the new
> version from /etc to the jail.
>
> --
> Andreas
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]