Lai Yiu Fai <[EMAIL PROTECTED]> writes:

>problem is that I must arrange the tokens to be associated with UID and not PAG
>due to some security concern.  (Actually I'm running Zmailer daemon on it,
>the admin token required to read user's home directory .forward, the local
>delivery agent will first change to user's uid and then either deliver to
>the system mbox or process his .forward file.  If I create PAG before 
>starting ZMailer,  the delivery agent will also inherit the token and then
>execute any programs that are defined in his .forward.)

In sendmail, it is possible to specify which shell is used when
executing "programs" via mail alias expansion (and .forward files).
This is useful so one may specify /usr/afsws/bin/pagsh instead of /bin/sh
and get a new PAG for the running of "programs". The new PAG means
that the running "program" does not share the mail delivery daemon's
AFS token.

Does ZMailer use sendmail for delivery?
Or, can you specify the shell to use in the ZMailer delivery agent?

I have to comment that allowing processing of .forward files is fraught
with difficulties. So much so, that I believe they should be disabled.
It is too easy for users to play havoc (either unknowingly or mischievously)
and simply waste your system administrator's time.

If you are going to allow .forward files to work, do your users have $HOMEs
under /afs? If so, do your users expect their .forward file "programs" to
be executing with their own AFS identities? I don't see how you could
achieve this without the mail delivery daemon authenticating per user.

>Is one day lifetime an acceptable value?   Is what you mean I need to unlog
>before I reauth in order to keep kernel data structures small? 

I use the default ticket lifetime of 25 hours.
Using the afs-contrib/tools reauth.c, I have not found it necessary
to unlog before re-authenticating even with long (months at a time)
runs of, for example, sendmail on the site mailserver.

>Actually, our server will reboot daily and acquire the token at startup.
>I think that it has the same effect but it seems it has the same problem.

Hmm, whatever the problem is, rebooting daily will only hide it for
another 24 hours, but at least you will have good boot scripts!

To solve your problem of disappearing tokens, I would try to get more
information. Have your re-authenticating daemon syslog its activity.
Have some test debugging scripts (executed via mail alias) which
log details of shell environment. Use the "tokens" command to check
AFS authentication at each stage of processing to help you understand
when the token goes AWOL.

Hope this helps.
-- 
choi g'in!
paul                             http://acm.org/~mpb/homepage.html
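
The debugging step suggested in the message above, as an added example (not part of the original message, and not code from ZMailer, sendmail or AFS): a script run from a mail alias that syslogs the uid, groups and AFS token state the delivered "program" actually sees. The alias name, script path, syslog tag and the `tokens` output lines it matches are assumptions; only selected variables are logged so that the whole environment does not end up in syslog.

```shell
#!/bin/sh
# Added example. Hypothetical alias entry that would run it:
#   afsdebug: "|/usr/local/sbin/afs-debug.sh alias-program"
TOKENS_CMD=${TOKENS_CMD:-tokens}   # AFS "tokens" command; overridable for testing
LOG_TAG=${LOG_TAG:-afs-debug}      # hypothetical syslog tag

# Classify `tokens` output read on stdin as valid, expired or none.
# Assumes the usual line format:
#   User's (AFS ID n) tokens for afs@cell [Expires ...]   or   [>> Expired <<]
# Reports "expired" if any listed token has expired.
afs_token_state() {
    awk '
        /tokens for /   { seen = 1 }
        />> Expired <</ { expired = 1 }
        END {
            if (!seen)        print "none"
            else if (expired) print "expired"
            else              print "valid"
        }'
}

# One-line summary of who this process is and which AFS credentials it holds.
afs_debug_line() {
    stage=$1
    if command -v "$TOKENS_CMD" >/dev/null 2>&1; then
        state=$("$TOKENS_CMD" 2>&1 | afs_token_state)
    else
        state="no-tokens-command"
    fi
    echo "stage=$stage pid=$$ ppid=$PPID uid=$(id -u) groups=$(id -G | tr ' ' ',') shell=${SHELL:-unset} home=${HOME:-unset} token=$state"
}

# Run only when a stage label is given, as in the alias entry above.
if [ $# -gt 0 ]; then
    cat >/dev/null    # drain the mail message piped in by the delivery agent
    afs_debug_line "$1" | logger -t "$LOG_TAG" -p mail.debug
fi
```

Calling the same script with a different stage label from the daemon's start-up script and from the re-authenticating job gives comparable syslog lines for each stage.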
