Re: Postfix + Cyrus SASL + GSSAPI resulting in occasional signal 11 of smtpd

From: Andreas Hasenack (ahasenackterra.com.br)
Date: Thu Oct 18 2007 - 07:19:34 CDT


On Wed, 2007-10-17 at 21:47 -0400, Victor Duchovni wrote:
> On Wed, Oct 17, 2007 at 08:28:30PM -0500, Justin L Graham wrote:
>
> > >Does GSSAPI auth ever succeed? Does the server have a keytab file,
> > >what permissions and how do you tell Postfix where the keytab is
> > >located? Is the smtpd chrooted?
> >
> > Yes, GSSAPI works a good portion of the time.
> >
> > The server has a keytab for postfix, it's owned by root:sasl (postfix
> > is a member of the sasl group) and is mod 640. The keytab location
> > is set by an environmental variable export (KRB5_KTNAME) in
> > /etc/defaults/postfix [which is sourced by the init script]. Postfix
> > isn't chrooted.
>
> In that case follow the instructions in DEBUG_README.html and try to
> obtain a usable core file. Make sure your K5 libraries are reasonably
> current and that SASL gssapi plugin is compiled against the same version
> of Kerberos you are using... Do you link Postfix with any other software
> that might depend on Kerberos and cause DLL hell? Or multiple SASL
> dependencies in Postfix and say an LDAP library or NSS module...

Pay attention to the Berkeley DB libraries. It's usual to have several
different versions installed, and all these programs and other libraries
that were mentioned link against it.
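
The version-mismatch check suggested in this thread can be automated. The script below is an added example, not part of the original messages: it parses `ldd` output collected for smtpd and for each SASL plugin, then reports any library family (Berkeley DB, Kerberos, ...) that would be loaded under more than one soname in the same process. The object paths, library versions and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample `ldd` output (paths and versions are illustrative,
# not taken from the thread). SASL plugins are dlopen()ed at run time, so
# they do not appear in smtpd's own ldd listing and are checked separately.
SAMPLE_LDD = {
    "/usr/lib/postfix/smtpd": """
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f0000001000)
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00007f0000002000)
        libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00007f0000003000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007f0000004000)
        libc.so.6 => /lib/libc.so.6 (0x00007f0000005000)
    """,
    "/usr/lib/sasl2/libgssapiv2.so": """
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007f0000006000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007f0000004000)
        libc.so.6 => /lib/libc.so.6 (0x00007f0000005000)
    """,
    "/usr/lib/sasl2/libsasldb.so": """
        libdb-4.4.so => /usr/lib/libdb-4.4.so (0x00007f0000007000)
        libc.so.6 => /lib/libc.so.6 (0x00007f0000005000)
    """,
}

LDD_LINE = re.compile(r"^\s*(\S+)\s+=>\s+(\S+)")
SONAME = re.compile(r"(lib[\w+]+?)(?:-[\d.]+)?\.so(?:\.[\d.]+)?")

def family(soname):
    """Strip version parts: libdb-4.2.so -> libdb, libkrb5.so.3 -> libkrb5."""
    m = SONAME.fullmatch(soname)
    return m.group(1) if m else soname

def find_conflicts(ldd_by_object):
    """Map each library family seen under more than one soname to its users."""
    seen = defaultdict(lambda: defaultdict(set))  # family -> soname -> objects
    for obj, text in ldd_by_object.items():
        for line in text.splitlines():
            m = LDD_LINE.match(line)
            if m and m.group(2) != "not":  # skip "=> not found"
                seen[family(m.group(1))][m.group(1)].add(obj)
    return {fam: {so: sorted(objs) for so, objs in vers.items()}
            for fam, vers in seen.items() if len(vers) > 1}

if __name__ == "__main__":
    for fam, vers in find_conflicts(SAMPLE_LDD).items():
        print(f"{fam}: multiple versions in one process")
        for so, objs in vers.items():
            print(f"  {so} <- {', '.join(objs)}")
```

On a real host, replace `SAMPLE_LDD` with the captured output of `ldd` for the smtpd binary and for every plugin in the SASL plugin directory.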