From: (no name) (no email)
Date: Fri Jan 02 2004 - 04:51:12 EST
Aren't some files, such as "/etc/hosts", automatically copied into the
jail when they are out of date? How can I make the keytab one of these?
My kerberos knowledge is also limited, but I gather that the keytab
should not be world readable. However, though it is readable by the
user postfix, postfix complains:
7063 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
How come?
Thanks for all your help,
Jack
On Jan 2, 2004, at 12:58 AM, Andreas Winkelmann wrote:
> Am Freitag, 2. Januar 2004 07:13 schrieb :
>
>> Aha! I didn't understand what "chroot'ed" meant ... Now I gather that,
>> because "smtpd" DOES run "chroot'ed", it looks for
>> "/var/spool/postfix/etc/krb5.keytab", which doesn't exist.
>>
>> SO, my options appear to be, 1) not running "smtpd" "chroot'ed", or 2)
>> creating "/var/spool/postfix/etc/krb5.keytab". I've tried to discover
>> how the files in "/var/spool/postfix" are maintained ... What must I
>> do
>> to ensure "/var/spool/postfix/etc/krb5.keytab" is kept current with
>> "/etc/krb5.keytab"?
>
> I would prefer 1) ;-) But my Kerberos-Knowledge is not really good. It
> is only
> updated/changed after you run manually "ktutil"? So after this copy
> the new
> version from /etc to the jail.
>
> --
> Andreas
>
>
|
|
|