From owner-freebsd-ports Wed Aug 28 21: 0:42 2002
Message-Id: <200208290346.g7T3kBNE038880@mail.westbend.net>
Date: Wed, 28 Aug 2002 22:46:11 -0500 (CDT)
From: "Scot W. Hetzel"
Reply-To: "Scot W. Hetzel"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/42153: security/cyrus-sasl: Add example PAM file and update Sendmail.README
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 42153
>Category: ports
>Synopsis: security/cyrus-sasl: Add example PAM file and update Sendmail.README
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 28 21:00:05 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Scot W. Hetzel
>Release: FreeBSD 4.5-STABLE i386
>Organization: West Bend Internet
>Environment:
System: FreeBSD wbiW009.westbend.net 4.6-STABLE FreeBSD 4.6-STABLE #0: Wed Aug 14 18:07:06 CDT 2002 root@wbiW009.westbend.net:/usr/obj/usr/src/src4/sys/GENERIC-SMP i386
>Description:
- add an example PAM file for saslauthd and pwcheck_pam daemons
- update the Sendmail.README file to include instructions for using the security/cyrus-sasl2 port.
>How-To-Repeat:
>Fix:
Changed Files: Makefile pkg-plist files/Sendmail.README
New Files: files/cyrus.pam

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v retrieving revision 1.46 diff -u -r1.46 Makefile --- Makefile 22 Aug 2002 19:13:36 -0000 1.46 +++ Makefile 29 Aug 2002 02:56:21 -0000 @@ -42,7 +42,7 @@ sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \ sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \ sasl_setprop.3 sasl_usererr.3 -MAN8= sasldblistusers.8 saslpasswd.8 saslauthd.8 +MAN8= sasldblistusers.8 saslpasswd.8 saslauthd1.8 USE_AUTOMAKE_VER=14 USE_LIBTOOL= YES 
@@ -99,6 +99,7 @@ GSSAPI=${GSSAPI} \ EBONES=${EBONES} \ DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \ + EXAMPLESDIR=${EXAMPLESDIR:S/^${PREFIX}\///} LDAP_MYSQL_PATCH= ldap-mysql_sasl-${PORTVERSION}/sasl-ldap+mysql.patch @@ -150,11 +151,21 @@ @${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL @if [ -f ${PREFIX}/sbin/saslauthd ]; then \ mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \ + if [ -f ${PREFIX}/man/man8/saslauthd.8 ]; then \ + mv ${PREFIX}/man/man8/saslauthd.8 \ + ${PREFIX}/man/man8/saslauthd2.8; \ + elif [ -f ${PREFIX}/man/man8/saslauthd.8.gz ]; then \ + mv ${PREFIX}/man/man8/saslauthd.8.gz \ + ${PREFIX}/man/man8/saslauthd2.8.gz; \ + fi; \ fi post-install: @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \ ${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh + @${MKDIR} ${EXAMPLESDIR} + @${SED} -e 's;%%PREFIX%%;${PREFIX};g' \ + ${FILESDIR}/cyrus.pam > ${EXAMPLESDIR}/cyrus.pam @${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh ${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck @${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \ 
@@ -174,8 +185,16 @@ @${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR} .endif @mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1 + @mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8 @if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \ mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \ + if [ -f ${PREFIX}/man/man8/saslauthd2.8 ]; then \ + mv ${PREFIX}/man/man8/saslauthd2.8 \ + ${PREFIX}/man/man8/saslauthd.8; \ + elif [ -f ${PREFIX}/man/man8/saslauthd2.8.gz ]; then \ + mv ${PREFIX}/man/man8/saslauthd2.8.gz \ + ${PREFIX}/man/man8/saslauthd.8.gz; \ + fi; \ fi @PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-plist,v retrieving revision 1.16 diff -u -r1.16 pkg-plist --- pkg-plist 14 Aug 2002 18:39:45 -0000 1.16 +++ pkg-plist 29 Aug 2002 02:49:45 -0000 @@ -43,6 +43,7 @@ sbin/pwcheck sbin/pwcheck_pam sbin/saslauthd1 +%%EXAMPLESDIR%%/cyrus.pam %%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class 
@@ -93,14 +94,14 @@ @dirrm lib/sasl @cwd /var @exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck -@comment This file gets created by the pwcheck program +@comment This file is created by the pwcheck program @unexec rm -f %D/pwcheck/pwcheck @dirrm pwcheck @mode ug=rwx,o= @exec mkdir -p /var/state/saslauthd1 @exec chown -R cyrus:cyrus state @exec chmod -R o= state -@comment This file gets created by the state/saslauthd program +@comment These files are created by the saslauthd program @unexec rm -fr /var/state/saslauthd1 @unexec rmdir /var/state @cwd %%PREFIX%% Index: files/Sendmail.README =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/Sendmail.README,v retrieving revision 1.6 diff -u -r1.6 Sendmail.README --- files/Sendmail.README 28 Jul 2002 17:26:12 -0000 1.6 +++ files/Sendmail.README 14 Aug 2002 18:51:25 -0000 @@ -7,14 +7,25 @@ SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl - NOTE: Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added + NOTE: 1. Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added to SENDMAIL_CFLAGS, if you need the GroupReadableSASLFile option + Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2 + port. Then you will not need the SASL V1 port installed. + + SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 + SENDMAIL_LDFLAGS=-L/usr/local/lib + SENDMAIL_LDADD=-lsasl2 + + 2) Rebuild FreeBSD (make buildworld, ...) -3) Create /usr/local/lib/sasl/Sendmail.conf with the following. +3) Make sure that the pwcheck_method is correct in Sendmail.conf. - pwcheck_method: pwcheck + Sendmail.conf (${PREFIX}/lib/sasl{,2}/Sendmail.conf) is created by + the cyrus-sasl and cyrus-sasl2 ports during installation. It may have + pwcheck_method set to either pwcheck (V1 only) or saslauthd (V1 & V2) by + default. Change this to what is appropriate for your site. 4) Add the following to your sendmail.mc file: 
@@ -44,7 +55,8 @@ PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with - SASL. + SASL and will cause your users to enter their passwords each time they + retreive their mail (NS 4.7). The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you are using cyrus-imapd and sendmail on the same server that requires access Index: files/cyrus.pam =================================================================== RCS file: files/cyrus.pam diff -N files/cyrus.pam --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/cyrus.pam 29 Aug 2002 02:46:28 -0000 @@ -0,0 +1,18 @@ +# +# $FreeBSD$ +# +# PAM configuration for the "cyrus" service +# Copy this file to /etc/pam.d/cyrus +# + +# auth +#auth required pam_nologin.so no_warn +#auth sufficient %%PREFIX%%/lib/pam_ldap.so nowarn +#auth sufficient pam_opie.so no_warn no_fake_prompts +#auth requisite pam_opieaccess.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account sufficient %%PREFIX%%/lib/pam_ldap.so +account required pam_unix.so
>Release-Note:
>Audit-Trail:
>Unformatted:
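
Review bot: In the Makefile post-install hunk (@@ -150,11 +151,21 @@), cyrus.pam is written through a shell redirect (`${FILESDIR}/cyrus.pam > ${EXAMPLESDIR}/cyrus.pam`), so its permissions depend on the umask in effect at install time. The pwcheck.sh file generated the same way just above is followed by an explicit `${CHMOD} 755`; give the example PAM file an explicit mode as well, or run sed into the work directory and install the result with ${INSTALL_DATA} as is done for Sendmail.README.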
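
Review bot: In the Makefile hunk @@ -174,8 +185,16 @@, the added `@mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8` is unconditional and covers only the uncompressed page, while the restore of saslauthd2.8 directly below it tests for both .8 and .8.gz. Either guard this mv the same way or add a comment saying why the page is always uncompressed at this point. The saslauthd to saslauthd2 and back shuffle is now split across pre-install, post-install and MAN8, and the restore runs only if post-install is reached, so a short comment describing the three names and what happens on a failed install would help the next maintainer.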
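
Review bot: The pkg-plist hunk @@ -43,6 +43,7 @@ registers `%%EXAMPLESDIR%%/cyrus.pam`, but nothing in this diff adds a matching `@dirrm %%EXAMPLESDIR%%`, although the Makefile now creates that directory with `@${MKDIR} ${EXAMPLESDIR}`. Add the @dirrm entry alongside the existing directory removals so that deinstall does not leave an empty examples directory behind.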
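
Review bot: In the Sendmail.README hunk @@ -7,14 +7,25 @@, the new SASL V2 settings use plain assignment (`SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2`) while the V1 lines kept as context use `+=` (`SENDMAIL_LDFLAGS+= -L/usr/local/lib`); with `=` any flags a reader already has in place are silently replaced, so use `+=` for all three V2 variables. The note is now labelled "NOTE: 1." but the added paragraph has no "2.", and the touched line still reads "needS". Step 3 also drops the literal `pwcheck_method: pwcheck` line without showing what a saslauthd setting looks like; one example line for each method would make "change this to what is appropriate for your site" actionable.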
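
Review bot: In the Sendmail.README hunk @@ -44,7 +55,8 @@, "retreive" in the added line should be "retrieve". The extended sentence also leaves it unclear whether "(NS 4.7)" limits the password prompt to Netscape 4.7 or the whole statement; splitting it into two sentences would remove the ambiguity.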
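
Review bot: In the new files/cyrus.pam, the commented pam_ldap auth line passes `nowarn` while every other line in the file uses `no_warn`; confirm which spelling that module expects, since someone who uncomments the line will copy it as written. The header names the service "cyrus" and says to copy the file to /etc/pam.d/cyrus, whereas the PR description says it is for the saslauthd and pwcheck_pam daemons; state in the header comment which daemons look up this service name so the file ends up governing the authentication path it is meant for.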