Public bug reported:
I had some trouble getting GSSAPI authentication in postfix working when
moving my mail system to a new machine. GSSAPI is a bit complicated
with postfix since it runs in a chroot jail. There are several guides
available for this process (in particular, getting the keytab and
krb5.conf files in the right place), and I did have it working on my
previous machine, so I was pretty sure I had the configuration correct
and that there was something wrong with the newly installed system.
Postfix was producing the following errors in the system log:

    postfix/smtpd[5099]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information ()
    postfix/smtpd[5099]: warning: host[x.x.x.x]: SASL GSSAPI authentication failed: generic failure.

That error was not terribly useful, but strace-ing the smtpd process produced
the source of the real error:

    lstat(/var/tmp/smtp_118, 0x7fffcafd42f0) = -1 ENOENT (No such file or directory)
    unlink(/var/tmp/smtp_118) = -1 ENOENT (No such file or directory)
    open(/var/tmp/smtp_118, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600) = -1 ENOENT (No such file or directory)
    unlink(/var/tmp/smtp_118) = -1 ENOENT (No such file or directory)

The process was unable to create a credential cache because the /var/tmp
directory did not exist under the chroot filesystem. Creating the
directory /var/spool/postfix/var/tmp with postfix-writeable permissions
fixed the problem and GSSAPI authentication started working.
I'm not exactly sure why the gssapi library was using /var/tmp instead
of /tmp (which didn't exist either). Kerberos credentials for the rest
of my system are stored in /tmp.
I think the postfix package should be altered to include a /var/tmp
directory in the chroot file hierarchy. If that is not possible, the
gssapi configuration within the chroot should be set up to use a
different directory for the credential cache, which does exist and has
the proper permissions.
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1279116
Title:
Missing tmp directory for GSSAPI authentication
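
The diagnosis in the report above (a file creation failing with ENOENT because its parent directory is missing inside the chroot) can be automated. This is an added example, not part of the original report or of the postfix package; the function name and the sample trace (built from the strace lines quoted in the report plus one constructed successful open) are assumptions.

```shell
#!/bin/sh
# Added example: map failed file creations in an strace log to the
# directories that are missing under a chroot.

# Constructed sample. strace normally quotes paths; the report shows them
# unquoted, so both forms are included. The last line is a constructed
# successful open that must be ignored.
SAMPLE_STRACE='lstat("/var/tmp/smtp_118", 0x7fffcafd42f0) = -1 ENOENT (No such file or directory)
open("/var/tmp/smtp_118", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600) = -1 ENOENT (No such file or directory)
open(/var/tmp/smtp_118, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600) = -1 ENOENT (No such file or directory)
open("/etc/krb5.conf", O_RDONLY) = 3'

# missing_chroot_dirs CHROOT_ROOT < strace.log
# Prints, as host paths, each directory the traced process needed in order
# to create a file but which does not exist under CHROOT_ROOT.
missing_chroot_dirs() {
    chroot_root=${1%/}
    # Keep only open()/openat() calls that tried to create a file (O_CREAT)
    # and failed with ENOENT, then extract the path argument.
    grep -E 'open(at)?\(.*O_CREAT.*= -1 ENOENT' |
    sed -E 's/^.*open(at)?\((AT_FDCWD, *)?"?([^",]+)"?,.*$/\3/' |
    while IFS= read -r path; do
        case $path in
            /*) dir=$(dirname "$path") ;;
            *)  continue ;;  # relative paths depend on the process cwd
        esac
        # The process sees $dir; on the host it lives under the chroot root.
        [ -d "$chroot_root$dir" ] || printf '%s\n' "$chroot_root$dir"
    done | sort -u
}

# Demo against a throwaway directory standing in for the chroot.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var"
printf '%s\n' "$SAMPLE_STRACE" | missing_chroot_dirs "$demo_root"
rm -rf "$demo_root"
```

Run against the reporter's chroot root (/var/spool/postfix, per the directory named in the report), the function would print /var/spool/postfix/var/tmp until that directory is created.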