[Bug 1279116] [NEW] Missing tmp directory for GSSAPI authentication
Craig G
cgallek at gmail.com
Tue Feb 11 23:05:09 UTC 2014
Public bug reported:
I had some trouble getting GSSAPI authentication in postfix working when
moving my mail system to a new machine. GSSAPI is a bit complicated
with postfix since it runs in a chroot jail. There are several guides
available for this process (in particular, getting the keytab and
krb5.conf files in the right place), and I did have it working on my
previous machine, so I was pretty sure I had the configuration correct
and that there was something wrong with the newly installed system.
Postfix was producing the following errors in the system log:

    postfix/smtpd[5099]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information ()
    postfix/smtpd[5099]: warning: host[x.x.x.x]: SASL GSSAPI authentication failed: generic failure.

That error was not terribly useful, but strace-ing the smtpd process produced the source of the real error:

    lstat("/var/tmp/smtp_118", 0x7fffcafd42f0) = -1 ENOENT (No such file or directory)
    unlink("/var/tmp/smtp_118") = -1 ENOENT (No such file or directory)
    open("/var/tmp/smtp_118", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600) = -1 ENOENT (No such file or directory)
    unlink("/var/tmp/smtp_118") = -1 ENOENT (No such file or directory)

The process was unable to create a credential cache because the /var/tmp
directory did not exist under the chroot filesystem. Creating the
directory /var/spool/postfix/var/tmp with postfix-writeable permissions
fixed the problem and GSSAPI authentication started working.
I'm not exactly sure why the gssapi library was using /var/tmp instead
of /tmp (which didn't exist either). Kerberos credentials for the rest
of my system are stored in /tmp.
I think the postfix package should be altered to include a /var/tmp
directory in the chroot file hierarchy. If that is not possible, the
gssapi configuration within the chroot should be set up to use a
different directory for the credential cache, which does exist and has
the proper permissions.
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1279116
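
An added example, not part of the original report or of the postfix package: a shell check for the condition described above, that the credential-cache directory exists inside the chroot, is a real directory, and is owned by the account smtpd runs as. The function name, its return codes, the `postfix` owner account and the use of GNU `stat` are assumptions of this example; the paths are the ones named in the report.

```shell
#!/bin/sh
# Added example: audit the directory a chrooted smtpd needs for its GSSAPI
# credential cache. Assumes GNU stat (stat -c), as shipped on Ubuntu.

# check_ccache_dir CHROOT RELDIR OWNER
# Returns: 0 ok, 1 missing (the ENOENT case from the strace output),
#          2 symlink or not a directory, 3 wrong owner,
#          4 group/world-writable without the sticky bit.
check_ccache_dir() {
    chroot_root=$1; reldir=$2; owner=$3
    path="$chroot_root/$reldir"

    # Test for a symlink first: a link here would place cache files
    # somewhere other than the directory being audited.
    if [ -L "$path" ]; then return 2; fi
    if [ ! -e "$path" ]; then return 1; fi
    if [ ! -d "$path" ]; then return 2; fi

    [ "$(stat -c '%U' "$path")" = "$owner" ] || return 3

    # %a prints the octal mode (e.g. 700 or 1777); prefix 0 to parse as octal.
    perm=$((0$(stat -c '%a' "$path")))
    if [ $((perm & 022)) -ne 0 ] && [ $((perm & 01000)) -eq 0 ]; then
        return 4
    fi
    return 0
}

# describe_rc CODE: human-readable meaning of a check_ccache_dir result.
describe_rc() {
    case $1 in
        0) echo "ok" ;;
        1) echo "missing: smtpd cannot create its credential cache" ;;
        2) echo "not a real directory (symlink or other file type)" ;;
        3) echo "wrong owner: smtpd account cannot write here" ;;
        4) echo "shared-writable without sticky bit" ;;
        *) echo "unknown result" ;;
    esac
}

# Usage: sh thisfile audit [CHROOT] [OWNER]
# Defaults: the chroot path from the report; owner 'postfix' is an assumption.
if [ "${1:-}" = "audit" ]; then
    rc=0
    check_ccache_dir "${2:-/var/spool/postfix}" var/tmp "${3:-postfix}" || rc=$?
    echo "var/tmp in chroot: $(describe_rc "$rc")"
    exit "$rc"
fi
```
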