Date:      Thu, 10 Jan 2008 16:18:08 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        FreeBSD Question <freebsd-questions@freebsd.org>
Subject:   Re: Postfix with Cyrus SASL
Message-ID:  <227FB5FB55C98E9260A25393@utd59514.utdallas.edu>
In-Reply-To: <20080110170103.64c7c4fe@scorpio>
References:  <478583BF.6090406@grasslake.net> <20080110064345.GF70027@roo.7f000001.org>	<47867597.2070800@grasslake.net> <141D87EE051918F290E96172@utd59514.utdallas.edu> <47869239.5030009@grasslake.net> <20080110170103.64c7c4fe@scorpio>

--On Thursday, January 10, 2008 17:01:03 -0500 Gerard <gerard@seibercom.net> 
wrote:

> On Thu, 10 Jan 2008 15:46:33 -0600
> Shawn Barnhart <swb@grasslake.net> wrote:
>
>> Paul Schmehl wrote:
>> > It should, because it calls this:
>> >
>> > .if defined(WITH_SASL2)
>> > LIB_DEPENDS+=           sasl2.2:${PORTSDIR}/security/cyrus-sasl2
>> > POSTFIX_CCARGS+=        -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl
>> > POSTFIX_AUXLIBS+=       -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt
>> > .endif
>> >
>> > Yes, you need to install saslauthd, however, if you checked the
>> > OPTION when you installed Postfix, it's most likely already
>> > installed.  You *also* need to enable saslauthd in /etc/rc.conf:
>> >
>> > [root@mail /usr/ports/mail/postfix]# grep sasl /etc/rc.conf
>> > saslauthd_enable="YES"
>> > saslauthd_flags=" -a pam -n 2"
>> >
>> > (This uses /etc/passwd through pam, btw.)
>> >
>> > Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags
>> > available or read man (8) saslauthd.
>> >
>>
>> Either I'm totally fubar, or the ports snapshot I have is braindead
>> as I did select the SASL option when I built postfix and I have sasl
>> libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other
>> sasl components are installed.  No saslauthd in /usr/local/etc/rc.d,
>> no manpage, just libraries mentioned above, and my postfix smtpd does
>> appear to have a sasl library run-time dependency per ldd.
>>
>> Is the better fix to manually re-install the same Cyrus sasl port or
>> deinstall both it and postfix and rebuild postfix with the sasl
>> option and hope I get a complete build?
>
> It has been awhile; however, if I remember correctly, the 'saslauthd'
> daemon is not installed by Postfix. I think you are confusing this with
> SASL in general. You might want to read the 'Complete Book of Postfix'
> for further information on getting SASL up and running. BTW, unless it
> has changed, 'saslauthd' only handles plain text authentication.

I think you're right.  It's been a while for me as well, but looking at ports I 
see that there's a totally separate cyrus-sasl2-saslauthd port, and it doesn't 
appear to be a dependency for postfix.

I think saslauthd will handle kerberos as well as plaintext, but most people 
use plaintext and then ssl-ize postfix to encrypt the session.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
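
The message above describes plaintext SASL with the session encrypted by TLS. The script below is an added example, not part of the original e-mail: it reads text in `postconf -n` format and reports whether AUTH can be offered on an unencrypted session. The two sample configurations are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: audit `postconf -n` style text for SASL AUTH exposed without TLS.

# Print the value of one parameter from "name = value" lines (last one wins).
get_param() {  # $1 = config text, $2 = parameter name
    printf '%s\n' "$1" | awk -F'=' -v k="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }'
}

# Returns 0 = AUTH only over TLS (or AUTH off), 1 = AUTH offered in cleartext,
# 2 = AUTH requires TLS but TLS is not enabled, so AUTH is never offered.
audit_sasl_tls() {  # $1 = config text
    auth=$(get_param "$1" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    level=$(get_param "$1" smtpd_tls_security_level)
    # Legacy switches, consulted only when smtpd_tls_security_level is unset.
    if [ -z "$level" ]; then
        if [ "$(get_param "$1" smtpd_use_tls)" = "yes" ]; then level=may; fi
        if [ "$(get_param "$1" smtpd_enforce_tls)" = "yes" ]; then level=encrypt; fi
    fi
    if [ "$auth" != "yes" ]; then echo "OK: SASL AUTH is not enabled"; return 0; fi
    case "$level" in
        encrypt) echo "OK: TLS is mandatory before AUTH"; return 0 ;;
        may) if [ "$auth_only" = "yes" ]; then
                 echo "OK: AUTH is offered only after STARTTLS"; return 0
             fi
             echo "FAIL: TLS is optional and AUTH is also offered in cleartext"
             return 1 ;;
        *)   if [ "$auth_only" = "yes" ]; then
                 echo "WARN: AUTH needs TLS but TLS is off, AUTH is never offered"
                 return 2
             fi
             echo "FAIL: no TLS, plaintext passwords cross the wire unencrypted"
             return 1 ;;
    esac
}

# Constructed samples: plaintext AUTH with optional TLS, then the corrected form.
WEAK_CONF='smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes'
GOOD_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'

audit_sasl_tls "$WEAK_CONF" || echo "exit=$?"
audit_sasl_tls "$GOOD_CONF" || echo "exit=$?"
```

On a live host, pass the real settings with `audit_sasl_tls "$(postconf -n)"`.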



