On Sun, 2006-11-12 at 15:53 -0700, Philip Prindeville wrote: > Sam Varshavchik wrote: > > >Philip Prindeville writes: > > > > > > > >>Since we reimaged our mail server (using Sendmail, Cyrus-imap, Mimedefang, > >>and SpamAssassin) to FC5, we've been seeing: > >> > >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap" > >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap" > >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap" > >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap" > >>Nov 10 11:56:03 mail saslauthd[2909]: Deprecated pam_stack module called from service "imap" > >> > >>in our /var/log/secure logfile. sigh... did I forget to do > >>something else when setting up the mail server following the > >>FC5 reimage? > >> > >> > > > >As the message says: pam_stack is deprecated. > > > >After some further poking: pam_stack has been replaced by the include > >directive. See /etc/pam.d > > > > > > Ok, well, I'm looking at it: > > #%PAM-1.0 > auth required pam_stack.so service=system-auth > account required pam_stack.so service=system-auth > > I'm also seeing the contents of the /usr/share/docs/cyrus-imap-*/ > directory that references the link: > > http://www.kernel.org/pub/linux/libs/pam/FAQ > > and looking at that link, they talk about RedHat lagging behind > on the PAM release. > > Well, this is more than a bit confusing. It looks like Cyrus > is the one lagging behind... or at least, whoever set the options > that the Redhat RPM's get packaged with did. > > What *should* Cyrus be using to authenticate? > > This is assuming that I don't want all users having mailboxes to > have entries (accounts) in /etc/passwd... I can seed their passwords > manually using saslpasswd -f /etc/sasldb2 ... ---- It depends upon setting in /etc/imapd.conf # grep sasl /etc/imapd.conf sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN when cyrus uses saslauthd for authentication... # cat /etc/sysconfig/saslauthd # Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. MECH=pam # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS= make sure that saslauthd service is started... /sbin/service saslauthd status saslauthd (pid 3233 3232 3231 3230 3219) is running... this should pretty much work. Craig
