Date: Thu, 10 Jan 2008 16:18:08 -0600 From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD Question <freebsd-questions@freebsd.org> Subject: Re: Postfix with Cyrus SASL Message-ID: <227FB5FB55C98E9260A25393@utd59514.utdallas.edu> In-Reply-To: <20080110170103.64c7c4fe@scorpio> References: <478583BF.6090406@grasslake.net> <20080110064345.GF70027@roo.7f000001.org> <47867597.2070800@grasslake.net> <141D87EE051918F290E96172@utd59514.utdallas.edu> <47869239.5030009@grasslake.net> <20080110170103.64c7c4fe@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Thursday, January 10, 2008 17:01:03 -0500 Gerard <gerard@seibercom.net> wrote: > On Thu, 10 Jan 2008 15:46:33 -0600 > Shawn Barnhart <swb@grasslake.net> wrote: > >> Paul Schmehl wrote: >> > It should, because it calls this: >> > >> > .if defined(WITH_SASL2) >> > LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 >> > POSTFIX_CCARGS+= -DUSE_SASL_AUTH -DUSE_CYRUS_SASL >> > -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl >> > POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt >> > .endif >> > >> > Yes, you need to install saslauthd, however, if you checked the >> > OPTION when you installed Postfix, it's most likely already >> > installed. You *also* need to enable saslauthd in /etc/rc.conf: >> > >> > [root@mail /usr/ports/mail/postfix]# grep sasl /etc/rc.conf >> > saslauthd_enable="YES" >> > saslauthd_flags=" -a pam -n 2" >> > >> > (This uses /etc/passwd through pam, btw.) >> > >> > Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags >> > available or read man (8) saslauthd. >> > >> >> Either I'm totally fubar, or the ports snapshot I have is braindead >> as I did select the SASL option when I built postfix and I have sasl >> libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other >> sasl components are installed. No saslauthd in /usr/local/etc/rc.d, >> no manpage, just libraries mentioned above, and my postfix smtpd does >> appear to have a sasl library run-time dependency per ldd. >> >> Is the better fix to manually re-install the same Cyrus sasl port or >> deinstall both it and postfix and rebuild postfix with the sasl >> option and hope I get a complete build? > > It has been awhile; however, if I remember correctly, the 'saslauthd' > daemon is not installed by Postfix. I think you are confusing this with > SASL in general. You might want to read the 'Complete Book of Postfix" > for further information on getting SASL up and running. BTW, unless it > has changes, 'saslauthd' only handles plain text authentication. I think you're right. It's been a while for me as well, but looking at ports I see that there's a totally separate cyrus-sasl2-saslauthd port, and it doesn't appear to be a dependency for postfix. I think saslauthd will handle kerberos as well as plaintext, but most people use plaintext and then ssl-ize postfix to encrypt the session. -- Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?227FB5FB55C98E9260A25393>