Re: Pam issues w/ upgrading mail server from FC3 to FC5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2006-11-12 at 15:53 -0700, Philip Prindeville wrote:
> Sam Varshavchik wrote:
> 
> >Philip Prindeville writes:
> >
> >  
> >
> >>Since we reimaged our mail server (using Sendmail, Cyrus-imap, Mimedefang,
> >>and SpamAssassin) to FC5, we've been seeing:
> >>
> >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2909]: Deprecated pam_stack module called from service "imap"
> >>
> >>in our /var/log/secure logfile.  sigh...  did I forget to do
> >>something else when setting up the mail server following the
> >>FC5 reimage?
> >>    
> >>
> >
> >As the message says: pam_stack is deprecated.
> >
> >After some further poking: pam_stack has been replaced by the include 
> >directive.  See /etc/pam.d
> >  
> >
> 
> Ok, well, I'm looking at it:
> 
> #%PAM-1.0
> auth       required     pam_stack.so service=system-auth
> account    required     pam_stack.so service=system-auth
> 
> I'm also seeing the contents of the /usr/share/docs/cyrus-imap-*/
> directory that references the link:
> 
> http://www.kernel.org/pub/linux/libs/pam/FAQ
> 
> and looking at that link, they talk about RedHat lagging behind
> on the PAM release.
> 
> Well, this is more than a bit confusing.  It looks like Cyrus
> is the one lagging behind... or at least, whoever set the options
> that the Redhat RPM's get packaged with did.
> 
> What *should* Cyrus be using to authenticate?
> 
> This is assuming that I don't want all users having mailboxes to
> have entries (accounts) in /etc/passwd...  I can seed their passwords
> manually using saslpasswd -f /etc/sasldb2 ...
----
It depends upon setting in /etc/imapd.conf

# grep sasl /etc/imapd.conf
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

when cyrus uses saslauthd for authentication...

# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file,
and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a
list
# of which mechanism your installation was compiled with the ablity to
use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See
saslauthd(8)
# for the list of accepted flags.
FLAGS=

make sure that saslauthd service is started...

/sbin/service saslauthd status
saslauthd (pid 3233 3232 3231 3230 3219) is running...

this should pretty much work.

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux