From: Yarema
To: Jose M Rodriguez, Oliver Lehmann
Cc: ports@FreeBSD.org, Milan Obuch
Date: Tue, 26 Apr 2005 11:24:47 -0400
Subject: Re: splitting courier-authlib into master+slave ports
List-Id: Porting software to FreeBSD

--On Tuesday, April 26, 2005 16:33:28 +0200 Jose M Rodriguez wrote:

> On Tuesday, 26 April 2005 16:25, Yarema wrote:
>> --On Tuesday, April 26, 2005 16:02:15 +0200 Jose M Rodriguez wrote:
>> > On Tuesday, 26 April 2005 15:32, Oliver Lehmann wrote:
>> >> Milan Obuch wrote:
>> >> > Issue with ldconfig seems not to be solved to me. Any idea?
>> >> > Milan
>> >>
>> >> right, courier-authlib works, but the path got not registered for
>> >> ldconfig permanently.
>> >>
>> >>
>> >> root@curry courier-authlib> ldconfig -vr
>> >> /var/run/ld-elf.so.hints:
>> >> search directories:
>> >> /lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/
>> >> usr/local/lib/courier-authlib:/usr/local/lib/mysql
>> >>
>> >> reboot...
>> >>
>> >>
>> >> root@curry olivleh1> ldconfig -vr
>> >> /var/run/ld-elf.so.hints:
>> >> search directories:
>> >> /lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/ usr/local/lib/mysql
>> >>
>> >> But that is like it is now. With mail/courier-authlib like it is
>> >> now, the same thing happens.
>> >>
>> >>
>> >> I'm not really sure why this happens since
>> >>
>> >> root@curry courier-authlib-mysql> make -VLDCONFIG_DIRS
>> >> %%PREFIX%%/lib/courier-authlib
>> >>
>> >>
>> >> works... I'll take a look for that error. If I don't find anything
>> >> I'll commit w/o fixing it right now.
>> >
>> > I can see the correct ldconfig lines recorded in +CONTENTS, but
>> > also I can reproduce the ldconfig -vr output.
>> >
>> > In any case, authdaemond start ok, but claims that it can't load
>> > the modules in modulelist I not installed.
>> >
>> > If you like, try to get authdaemonrc.dist more closer to the ports
>> > behavior: only put authpam in the modulelist (what -base install)
>> > This is made in the Makefile (reimplace). At last suppress authpwd.
>> >
>> > And..., can you work a quick pkg-message or UPDATING note on the
>> > need to tweak authdaemonrc to polite oper?
>>
>> The documentation at
>> says:
>>
>> ~~~~~
>> The configuration file /usr/local/etc/authlib/authdaemonrc contains
>> several settings. The most important of them are:
>>
>> A list of authentication modules to activate. By default, this list
>> includes all available authentication modules, even if some are not
>> actually installed at the moment.
>> When the authentication library is
>> set up, only those authentication modules that can be supported by
>> the operating system will be installed. Some of the listed modules
>> may not actually be there, however that's not a problem. Any
>> unavailable authentication modules will be ignored. Also, on some
>> platforms certain authentication modules are installed by optional
>> sub-packages. Installing the sub-package is the only action needed to
>> make use of it.
>>
>> The only time the list of authentication modules need to be adjusted
>> is when an available authentication module must be disabled for some
>> reason. This should only be needed in the most unusual circumstances.
>> ~~~~~
>>
>> Which I take to mean that authdaemond complaining about modules it
>> cannot load at startup can be safely ignored. authpwd should
>> definitely not be there anymore. But authmodulelist should include
>> all the plugin modules which we support and as the comment referring
>> to authmodulelist in authdaemonrc suggests "You may selectively
>> disable modules simply by removing them from the following list." In
>> any case authmodulelistorig needs to contain all the modules we
>> support and should never be modified.
>>
>> This is just a matter of RTFM for the user before firing up
>> courier-authlib. The startup messages are mere warnings and if they
>> are an eyesore we can redirect them to >/dev/null 2>&1 in the startup
>> script.
>
> The problem is that 'out of the box' this goes to /var/log/maillog with
> some precious FATAL on it.

Perhaps needs to change them FATAL messages to INFO or WARNING to comply
with his own documentation and rpm packaging methodology... :)

> In any case I'm with you, suppress only authpwd (we not install it in any
> case) and make some warning about this and the convenience to tweak
> authdaemonrc.
>
> And UPDATING entry with do the task.

Agreed.
Actually going through the documentation our out-of-the-box
settings in authdaemonrc should be:

authmodulelist="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelistorig="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"

in that order. authcram is part of userdb and needs to be listed first.
Then authuserdb gets tried then authvchkpw and if none of them are
available or configured then authpam tries to see if there's a system
account. authldap authmysql authpgsql need to stay at the end because as
noted at the bottom of
:

~~~~~
authdaemond tries each of the configured authentication modules in turn,
until either one accepts the login, or they have all rejected it (in which
case the usual "Login failed" error is returned, and the user can try
again).

However, if one of these modules is unable to run because some resource is
not available, then it gives a "temporary failure" response and no further
modules are tried. You should find the exact cause in your mail logs, but
typically it means that you have a module like 'authmysql' in your module
list, but the mysql database is not running.

So unless you actually do have account data in mysql (in which case you
need to fix your mysql setup), you should remove 'authmysql' and any other
modules you do not use from authmodulelist in authdaemonrc.
~~~~~

-- 
Yarema
http://yds.CoolRat.org
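
Added example, not part of the original message and not Courier's code: a small Python model of the module chain as the quoted documentation describes it, showing how one installed-but-unused module whose resource is down turns both valid logins and ordinary rejections into temporary failures. The function names, users, passwords and backend states are hypothetical.

```python
import hmac
import re
from enum import Enum

class Result(Enum):
    ACCEPT = "accepted"
    REJECT = "login failed"
    TEMPFAIL = "temporary failure"

def parse_modulelist(rc_text, key="authmodulelist"):
    """Return the module names listed under key="..." in authdaemonrc text."""
    m = re.search(rf'^{re.escape(key)}="([^"]*)"', rc_text, re.MULTILINE)
    return m.group(1).split() if m else []

def authenticate(modules, backends, user, password):
    """Walk the chain; return (result, deciding module, modules tried).
    backends[name] is {user: password}, or None when the module's resource
    is down; names absent from backends are not installed."""
    tried = []
    for name in modules:
        if name not in backends:
            continue                      # not installed: ignored
        tried.append(name)
        store = backends[name]
        if store is None:                 # resource unavailable: chain stops here
            return Result.TEMPFAIL, name, tried
        stored = store.get(user)
        if stored is not None and hmac.compare_digest(stored, password):
            return Result.ACCEPT, name, tried
    return Result.REJECT, None, tried

# Constructed sample: the order proposed above; PAM and PostgreSQL work, MySQL is down.
SAMPLE_RC = ('authmodulelist="authcram authuserdb authvchkpw authpam '
             'authldap authmysql authpgsql"\n')
BACKENDS = {"authpam": {"alice": "pw-a"}, "authmysql": None,
            "authpgsql": {"carol": "pw-c"}}

def demo():
    full = parse_modulelist(SAMPLE_RC)
    trimmed = [m for m in full if m != "authmysql"]  # unused module removed
    return {
        "alice": authenticate(full, BACKENDS, "alice", "pw-a"),
        "carol": authenticate(full, BACKENDS, "carol", "pw-c"),
        "typo": authenticate(full, BACKENDS, "alice", "wrong"),
        "carol_trimmed": authenticate(trimmed, BACKENDS, "carol", "pw-c"),
        "typo_trimmed": authenticate(trimmed, BACKENDS, "alice", "wrong"),
    }

if __name__ == "__main__":
    print(*demo().items(), sep="\n")
```

With the full list, only accounts served by a module ahead of authmysql still log in; everything else, including a mistyped password, ends as a temporary failure until the unused module is removed from authmodulelist.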