Am 18.12.2000 um 18:13:49 schrieb Kris Kelley:
Hi Kris,
thanks for your help!
> It may be a matter of permissions. When invoked from patched
qmail-smtpd,
> both checkpassword and cmd5checkpw do not have root access.
Therefore, they
> must be given permission to look at /etc/poppasswd. One way to grant
this
> permission is to set /etc/poppasswd world writable, but obviously that
is
> NOT a good idea.
I did it as described in the INSTALL-file of cmd5checkpw
> The latest version of cmd5checkpw (0.22) handles both clear-text and
> CRAM-MD5 authentication schemes, so I would recommend using it
exclusively,
It is the version I use.
> for simplicity's sake. Assuming you have 0.22, change your
> /var/qmail/supervise/qmail-smtpd/run file to look like this:
>
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> exec /usr/local/bin/softlimit -m 2000000 \
> /usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb \
> -u $QMAILDUID -g $NOFILESGID 0 smtp
/var/qmail/bin/qmail-smtpd
> \
> /bin/cmd5checkpw /bin/true /bin/cmd5checkpw /bin/true
I changed it according to this example.
> Next, follow these instructions, taken from the cmd5checkpw INSTALL
file:
>
> Now select a free user id in your system. Create that user in
> /etc/passwd
> do "chown thatuser /etc/poppasswd" , "chmod 400 /etc/poppasswd",
> "chown thatuser /bin/cmd5checkpw" and "chmod a+s
/etc/cmd5checkpw".
> Of course replace "thatuser" with username of the user you have
> created.
I have done this when I installed cmd5checkpw. (I thing it should be
"chmod a+s /bin/cmd5ckeckpw" instead of "chmod a+s /etc/....". If
Krzysztof is not reading the List I will drop him a note)
> This makes cmd5checkpw set itself to be owned by the same UID that
owns
> /etc/poppasswd, thus allowing it to read the file.
it should always have been able to read it, I double-checked te
permissions, they look like this:
-r-------- 1 smtpauth smtpauth 10 Dec 19 09:51 /ec/poppasswd
-rwsr-sr-x 1 smtpauth smtpauth 22701 Dec 18 21:36 /bin/cmd5checkpw
it still does not work, still the same problem. I tried it with a system
user (included in /etc/passwd) and with a trest-user (not in /etc/passwd
but only in /etc/poppasswd) it worked in no case.
Thanks for your help
/Clemens
