Date: Fri, 11 Oct 2002 11:44:23 -0500 From: "Scot W. Hetzel" <hetzels@westbend.net> To: "Joseph Scott" <joseph@randomnetworks.com>, "Pavel A Crasotin" <pavel@ctk.ru> Cc: <freebsd-stable@FreeBSD.ORG> Subject: Re: Cyrus+pam_radius. How to make work? Message-ID: <025601c27145$7f1722e0$12fd2fd8@Admin01> References: <Pine.BSF.4.21.0201300453290.4204-100000@pebkac.owp.csus.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Joseph Scott" <joseph@randomnetworks.com>
> # Hi
> #
> # I'v a asked in cyrus-info but seems none knows why cyrus-imap 2.0.16
> # (cyrus-sasl-1.15.27) dont work with pam_radius.
> #
> # Can anyone help me?
>
> Just in case no one has answered this.
>
> The trick is to make the pwcheck daemon support PAM. The current
> version of the cyrus-sasl port has an option to build a PAM version of
> pwcheck. Before that there was a patch that did it in a slightly
> different way.
>
The security/cyrus-sasl port installs 2 pwcheck daemons (pwcheck, and
pwcheck_pam), all you need to do is add:
sasl_pwcheck_enable=yes
sasl_pwcheck_program=PREFIX/sbin/pwcheck_pam
sasl_saslauthd1_enable=no
to your /etc/rc.conf file and then to start the pwcheck daemon use:
PREFIX/etc/rc.d/pwcheck.sh start.
Also the pwcheck daemon has been depreciated in favor of a general password
checking daemon (saslauthd). The security/cyrus-sasl port installs
saslauthd as the default password checking daemon. By default it uses PAM
to check passwords. You will also need to added a cyrus service to the
/etc/pam.conf file or copy PREFIX/share/example/cyrus-sasl/cyrus.pam to
/etc/pam.d/cyrus.
Scot
Maintainer of security/cyrus-sasl port
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?025601c27145$7f1722e0$12fd2fd8>