Public bug reported: I had some trouble getting GSSAPI authentication in postfix working when moving my mail system to a new machine. GSSAPI is a bit complicated with postfix since it runs in a chroot jail. There are several guides available for this process (in particular, getting the keytab and krb5.conf files in the right place), and I did have it working on my previous machine, so I was pretty sure I had the configuration correct and that there was something wrong with the newly installed system.
Postfix was producing the following errors in the system log: postfix/smtpd[5099]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information () postfix/smtpd[5099]: warning: host[x.x.x.x]: SASL GSSAPI authentication failed: generic failure. That error was not terribly useful, but strace-ing the smtpd process produced the source of the real error: lstat("/var/tmp/smtp_118", 0x7fffcafd42f0) = -1 ENOENT (No such file or directory) unlink("/var/tmp/smtp_118") = -1 ENOENT (No such file or directory) open("/var/tmp/smtp_118", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600) = -1 ENOENT (No such file or directory) unlink("/var/tmp/smtp_118") = -1 ENOENT (No such file or directory) The process was unable to create a credential cache because the /var/tmp directory did not exist under the chroot filesystem. Creating the directory /var/spool/postfix/var/tmp with postfix-writeable permissions fixed the problem and GSSAPI authentication started working. I'm not exactly sure why the gssapi library was using /var/tmp instead of /tmp (which didn't exist either). kerberos credentials for the rest of my system are stored in /tmp. I think the postfix package should be altered to include a /var/tmp directory in the chroot file hierarchy. If that is not possible, the gssapi configuration within the chroot should be setup to use a different directory for the credential cache, which does exist and has the proper permissions. ** Affects: postfix (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/1279116 Title: Missing tmp directory for GSSAPI authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1279116/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs