[exim] tuning exim4, openafs, kerberos to work together

Author: Steger Jozsef
Date:  
To: exim-users
Subject: [exim] tuning exim4, openafs, kerberos to work together

Hi,

I am facing a problem to which I have not been able to find a proper key
for days. I read the docs and browsed Google in vain. I'd welcome any
helpful hint.

I'm using the Debian testing Linux distribution. I would like to achieve
that when a mail is received, it is delivered to the user's home/Maildir,
which is an openafs export.

The problem is that upon receiving a mail, when exim4 forks a new process
and changes uid according to the user the mail should be delivered to, it
does not request either a kerberos5 or an openafs ticket, and thus
cannot write the mail in home/Maildir/new/.

However, if the user is logged in (and has the proper credentials) when a
mail is received, it is properly written to the home/Maildir/new/
directory. It gives me the feeling that PAM is not properly configured for
exim, or exim doesn't digest it as I expect.

The output in /var/log/exim4/mainlog:
2007-01-03 15:39:49 1H27HQ-0006oY-Vu <= steger@??? H=mx2.mail.elte.hu [157.181.151.9] P=esmtp S=1102 id=E1H27HK-0001Oj-Q0@???
2007-01-03 15:39:49 1H27HQ-0006oY-Vu == steger@??? R=local_user T=maildir_home defer (13): Permission denied: cannot create /home/steger/Maildir
[... cut ...]
[... logged in as user steger and issued kinit/aklog for credentials ...]
[... cut ...]
2007-01-03 16:39:27 1H27HQ-0006oY-Vu => steger <steger@???> R=local_user T=maildir_home
2007-01-03 16:39:27 1H27HQ-0006oY-Vu Completed

The following exim packages are installed:
ii  exim4               4.63-11
ii  exim4-base          4.63-11
ii  exim4-config        4.63-11
ii  exim4-daemon-heavy  4.63-10


The following openafs packages are installed:
ii  libpam-openafs-session         1.0-7
ii  openafs-client                 1.4.2-3
ii  openafs-krb5                   1.4.2-3
ii  openafs-modules-2.6.17-2-amd64 1.4.2-2+2.6.17-9
ii  openafs-modules-source         1.4.2-3


The following krb5 packages are installed:
ii  krb5-admin-server   1.4.4-4
ii  krb5-config         1.11
ii  krb5-kdc            1.4.4-4
ii  krb5-user           1.4.4-4
ii  libkrb53            1.4.4-4
ii  libpam-krb5         2.6-1
ii  openafs-krb5        1.4.2-3


The following ldap packages are installed:
ii  ldap-utils          2.3.27-1
ii  libldap-2.3-0       2.3.27-1
ii  libldap2            2.1.30-13+b1
ii  libnss-ldap         251-7
ii  libpam-ldap         180-1.4


In /etc/pam.d/exim I have (just to be sure, there is a symlink
/etc/pam.d/exim4 -> /etc/pam.d/exim) :

auth    [success=ok default=1]  pam_krb5.so ignore_root debug
auth    [default=done]          pam_openafs_session.so debug
account required        pam_krb5.so ignore_root debug
session optional        pam_krb5.so ignore_root debug
session optional        pam_openafs_session.so debug


Thanks for your help.

Bests,
Steger Jozsef