Hi Brian, AFS permissions are inherited from the parent process by fork(), so I'm sure there's no way to pass them to sqwebmaild in another process. Too bad. I fixed the problem I was having with sqwebmail 3.5.2, so I'll stick with that version.
Reading the code, I see that the sqwebmail wrapper passes environment variables then the whole HTTP socket to sqwebmaild. Superficially it doesn't seem like a big effort to get sqwebmaild to use stdin instead, then it could be a regular CGI again, no? --Noel ----- Original Message ----- From: "Brian Candler" <[EMAIL PROTECTED]> To: "Noel Burton-Krahn" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, March 24, 2004 12:27 AM Subject: Re: [sqwebmail] sqwebmail 4.0.2 as CGI instead of sqwebmaild > On Thu, Mar 18, 2004 at 11:47:34AM -0800, Noel Burton-Krahn wrote: > > I assume that sqwebmaild was made to avoid the problems of running sqwebmail > > as a setuid binary. But my setup requires that feature. I let Apache take > > care of user authentication and access control. I use Apache::AuthKrb5AFS > > so my Apache acquires KRB5 tokens and AFS permissions before executing CGI > > scripts. That lets the old CGI sqwebmail inherit AFS permission from Apache > > and access user's mail directories in AFS without having to run setuid. The > > new daemon sqwebmail can't get KRB5 tokens from Apache (since its in anoter > > process space) and thus can't get into user home dirs. > > > > So, how do I make sqwebmaild act like the old sqwebmail CGI? > > Can you define how AFS permissions are 'inherited' by the process? If they > are just strings put in environment variables, you can extend the list of > environment variables which are passed to sqwebmaild from the CGI. > > Otherwise, I think you're out of luck... > > Cheers, > > Brian. > >
