"DR" == David Rankin <rankind(_at_)us(_dot_)ibm(_dot_)com> writes:
DR> I've been working on getting procmail to work and deliver Email
DR> correctly for our DCE/DFS cell, and I've hit one snag. The DCE ticket
DR> cache file on disk must be owned by the same userID as the process is
DR> running under, or DCE authentication won't work. I tried to make
DR> setids() do a chown for each setuid, but when attempting to write to
DR> our DFS home directory it loses track of the ticket cache file. (As an
DR> interesting aside, when I change my home directory to be my AFS mail
DR> directory, the DCE ticket cache file is not lost. We suspect it's a
DR> side-effect of the number of uid changes.)
DR> Has anyone faced this (or a similar) issue? If so, I'd greatly
DR> appreciate it if you could explain your workaround. I'd also appreciate
DR> getting a copy of any replies to this thread, as I'm in the process of
DR> subscribing to the list now.
Hi,
We're using procmail to deliver mail to home directories in DFS.
We wrote a wrapper called auth_procmail. This wrapper gets DCE root creds
and then runs procmail. This may be a bit extreme but it was the way we
got it to work.
Paul Henson has a different scheme that goes something like this: The
mailbox is group owned by "mailman" and has group write permissions. Then
sendmail (or procmail) runs setgid mailman. mailman is a DCE-group with
"self" credentials.
Paul one of the folks behind CSU Pomona's DCE cell. He can provide a
better description. Here's a URL:
http://www.csupomona.edu/intranet/
--
Mark Plaksin http://www.arches.uga.edu/~happy/