Re: Pam issues w/ upgrading mail server from FC3 to FC5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Craig White wrote:

>On Sun, 2006-11-12 at 15:53 -0700, Philip Prindeville wrote:
>  
>
>>Sam Varshavchik wrote:
>>
>>    
>>
>>>Philip Prindeville writes:
>>>
>>> 
>>>
>>>      
>>>
>>>>Since we reimaged our mail server (using Sendmail, Cyrus-imap, Mimedefang,
>>>>and SpamAssassin) to FC5, we've been seeing:
>>>>
>>>>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2909]: Deprecated pam_stack module called from service "imap"
>>>>
>>>>in our /var/log/secure logfile.  sigh...  did I forget to do
>>>>something else when setting up the mail server following the
>>>>FC5 reimage?
>>>>   
>>>>
>>>>        
>>>>
>>>As the message says: pam_stack is deprecated.
>>>
>>>After some further poking: pam_stack has been replaced by the include 
>>>directive.  See /etc/pam.d
>>> 
>>>
>>>      
>>>
>>Ok, well, I'm looking at it:
>>
>>#%PAM-1.0
>>auth       required     pam_stack.so service=system-auth
>>account    required     pam_stack.so service=system-auth
>>
>>I'm also seeing the contents of the /usr/share/docs/cyrus-imap-*/
>>directory that references the link:
>>
>>http://www.kernel.org/pub/linux/libs/pam/FAQ
>>
>>and looking at that link, they talk about RedHat lagging behind
>>on the PAM release.
>>
>>Well, this is more than a bit confusing.  It looks like Cyrus
>>is the one lagging behind... or at least, whoever set the options
>>that the Redhat RPM's get packaged with did.
>>
>>What *should* Cyrus be using to authenticate?
>>
>>This is assuming that I don't want all users having mailboxes to
>>have entries (accounts) in /etc/passwd...  I can seed their passwords
>>manually using saslpasswd -f /etc/sasldb2 ...
>>    
>>
>----
>It depends upon setting in /etc/imapd.conf
>
># grep sasl /etc/imapd.conf
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN
>
>when cyrus uses saslauthd for authentication...
>
># cat /etc/sysconfig/saslauthd
># Directory in which to place saslauthd's listening socket, pid file,
>and so
># on.  This directory must already exist.
>SOCKETDIR=/var/run/saslauthd
>
># Mechanism to use when checking passwords.  Run "saslauthd -v" to get a
>list
># of which mechanism your installation was compiled with the ablity to
>use.
>MECH=pam
>
># Additional flags to pass to saslauthd on the command line.  See
>saslauthd(8)
># for the list of accepted flags.
>FLAGS=
>
>make sure that saslauthd service is started...
>
>/sbin/service saslauthd status
>saslauthd (pid 3233 3232 3231 3230 3219) is running...
>
>this should pretty much work.
>
>Craig
>  
>

Yeah, saslauthd is running... the config is unchanged, as above...
I've created a username with:

    saslpasswd2 -f /etc/sasldb2 -a imap -c username

Oh, did the "chown cyrus.mail /etc/sasldb2" also...

So I can't figure out what else needs to be done...  Still seeing
those messages.

-Philip


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux