Re: GSSAPI Authentication

From: (no name) (no email)
Date: Fri Jan 02 2004 - 09:34:39 EST


On Thu, 1 Jan 2004 wrote:

> SO, my options appear to be, 1) not running "smtpd" "chroot'ed", or 2)
> creating "/var/spool/postfix/etc/krb5.keytab". I've tried to discover
> how the files in "/var/spool/postfix" are maintained ... What must I do
> to ensure "/var/spool/postfix/etc/krb5.keytab" is kept current with
> "/etc/krb5.keytab"?
>

Do NOT keep the files in sync. /etc/krb5.keytab contains the host keys for
rlogin, ssh, ... these are sensitive and disclosure can lead to system
compromise. Using a chrooted smtpd allows you to have a separate keytab
for "smtpd", this is a good thing. Populate the keytab in the chroot jail
with the "smtp/host.fqdn@REALM" key. Add any other files required for the
server to determine its own realm.

-- 
	Viktor.






