Date: Wed, 28 Aug 2002 22:46:11 -0500 (CDT) From: "Scot W. Hetzel" <hetzels@westbend.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/42153: security/cyrus-sasl: Add example PAM file and update Sendmail.README Message-ID: <200208290346.g7T3kBNE038880@mail.westbend.net>
next in thread | raw e-mail | index | archive | help
>Number: 42153
>Category: ports
>Synopsis: security/cyrus-sasl: Add example PAM file and update Sendmail.README
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 28 21:00:05 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Scot W. Hetzel
>Release: FreeBSD 4.5-STABLE i386
>Organization:
West Bend Internet
>Environment:
System:
FreeBSD wbiW009.westbend.net 4.6-STABLE FreeBSD 4.6-STABLE #0: Wed Aug 14 18:07:06 CDT 2002 root@wbiW009.westbend.net:/usr/obj/usr/src/src4/sys/GENERIC-SMP i386
>Description:
- add an example PAM file for saslauthd and pwcheck_pam daemons
- update the Sendmail.README file to include instructions for
using the security/cyrus-sasl2 port.
>How-To-Repeat:
>Fix:
Changed Files:
Makefile
pkg-plist
files/Sendmail.README
New Files:
files/cyrus.pam
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v
retrieving revision 1.46
diff -u -r1.46 Makefile
--- Makefile 22 Aug 2002 19:13:36 -0000 1.46
+++ Makefile 29 Aug 2002 02:56:21 -0000
@@ -42,7 +42,7 @@
sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \
sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \
sasl_setprop.3 sasl_usererr.3
-MAN8= sasldblistusers.8 saslpasswd.8 saslauthd.8
+MAN8= sasldblistusers.8 saslpasswd.8 saslauthd1.8
USE_AUTOMAKE_VER=14
USE_LIBTOOL= YES
@@ -99,6 +99,7 @@
GSSAPI=${GSSAPI} \
EBONES=${EBONES} \
DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
+ EXAMPLESDIR=${EXAMPLESDIR:S/^${PREFIX}\///}
LDAP_MYSQL_PATCH= ldap-mysql_sasl-${PORTVERSION}/sasl-ldap+mysql.patch
@@ -150,11 +151,21 @@
@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
@if [ -f ${PREFIX}/sbin/saslauthd ]; then \
mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
+ if [ -f ${PREFIX}/man/man8/saslauthd.8 ]; then \
+ mv ${PREFIX}/man/man8/saslauthd.8 \
+ ${PREFIX}/man/man8/saslauthd2.8; \
+ elif [ -f ${PREFIX}/man/man8/saslauthd.8.gz ]; then \
+ mv ${PREFIX}/man/man8/saslauthd.8.gz \
+ ${PREFIX}/man/man8/saslauthd2.8.gz; \
+ fi; \
fi
post-install:
@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
+ @${MKDIR} ${EXAMPLESDIR}
+ @${SED} -e 's;%%PREFIX%%;${PREFIX};g' \
+ ${FILESDIR}/cyrus.pam > ${EXAMPLESDIR}/cyrus.pam
@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \
@@ -174,8 +185,16 @@
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
.endif
@mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
+ @mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8
@if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \
mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
+ if [ -f ${PREFIX}/man/man8/saslauthd2.8 ]; then \
+ mv ${PREFIX}/man/man8/saslauthd2.8 \
+ ${PREFIX}/man/man8/saslauthd.8; \
+ elif [ -f ${PREFIX}/man/man8/saslauthd2.8.gz ]; then \
+ mv ${PREFIX}/man/man8/saslauthd2.8.gz \
+ ${PREFIX}/man/man8/saslauthd.8.gz; \
+ fi; \
fi
@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
@${CAT} ${PKGMESSAGE}
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-plist,v
retrieving revision 1.16
diff -u -r1.16 pkg-plist
--- pkg-plist 14 Aug 2002 18:39:45 -0000 1.16
+++ pkg-plist 29 Aug 2002 02:49:45 -0000
@@ -43,6 +43,7 @@
sbin/pwcheck
sbin/pwcheck_pam
sbin/saslauthd1
+%%EXAMPLESDIR%%/cyrus.pam
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
@@ -93,14 +94,14 @@
@dirrm lib/sasl
@cwd /var
@exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
-@comment This file gets created by the pwcheck program
+@comment This file is created by the pwcheck program
@unexec rm -f %D/pwcheck/pwcheck
@dirrm pwcheck
@mode ug=rwx,o=
@exec mkdir -p /var/state/saslauthd1
@exec chown -R cyrus:cyrus state
@exec chmod -R o= state
-@comment This file gets created by the state/saslauthd program
+@comment These files are created by the saslauthd program
@unexec rm -fr /var/state/saslauthd1
@unexec rmdir /var/state
@cwd %%PREFIX%%
Index: files/Sendmail.README
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/files/Sendmail.README,v
retrieving revision 1.6
diff -u -r1.6 Sendmail.README
--- files/Sendmail.README 28 Jul 2002 17:26:12 -0000 1.6
+++ files/Sendmail.README 14 Aug 2002 18:51:25 -0000
@@ -7,14 +7,25 @@
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl
- NOTE: Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
+ NOTE: 1. Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
to SENDMAIL_CFLAGS, if you need the GroupReadableSASLFile option
+ Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2
+ port. Then you will not need the SASL V1 port installed.
+
+ SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
+ SENDMAIL_LDFLAGS=-L/usr/local/lib
+ SENDMAIL_LDADD=-lsasl2
+
+
2) Rebuild FreeBSD (make buildworld, ...)
-3) Create /usr/local/lib/sasl/Sendmail.conf with the following.
+3) Make sure that the pwcheck_method is correct in Sendmail.conf.
- pwcheck_method: pwcheck
+ Sendmail.conf (${PREFIX}/lib/sasl{,2}/Sendmail.conf) is created by
+ the cyrus-sasl and cyrus-sasl2 ports during installation. It may have
+ pwcheck_method set to either pwcheck (V1 only) or saslauthd (V1 & V2) by
+ default. Change this to what is appropriate for your site.
4) Add the following to your sendmail.mc file:
@@ -44,7 +55,8 @@
PLAIN is required for Netscape Communicator users. By default Netscape
Communicator will use SASL Authentication when sendmail is compiled with
- SASL.
+ SASL and will cause your users to enter their passwords each time they
+ retreive their mail (NS 4.7).
The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
are using cyrus-imapd and sendmail on the same server that requires access
Index: files/cyrus.pam
===================================================================
RCS file: files/cyrus.pam
diff -N files/cyrus.pam
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/cyrus.pam 29 Aug 2002 02:46:28 -0000
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "cyrus" service
+# Copy this file to /etc/pam.d/cyrus
+#
+
+# auth
+#auth required pam_nologin.so no_warn
+#auth sufficient %%PREFIX%%/lib/pam_ldap.so nowarn
+#auth sufficient pam_opie.so no_warn no_fake_prompts
+#auth requisite pam_opieaccess.so no_warn
+#auth required pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+#account sufficient %%PREFIX%%/lib/pam_ldap.so
+account required pam_unix.so
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208290346.g7T3kBNE038880>