Date: Thu, 25 Sep 2014 17:04:24 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: tundra@tundraware.com Cc: FreeBSD stable <freebsd-stable@freebsd.org>, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@FreeBSD.org> Subject: Re: 10.1 BETA2 World - Breaks saslauthd Message-ID: <3DA4B666-AB81-4F25-ABAE-DDC163F41E20@FreeBSD.org> In-Reply-To: <b492e700f57a52e21f7755e6d01bd863.squirrel@www.tundraware.com> References: <b492e700f57a52e21f7755e6d01bd863.squirrel@www.tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 25 Sep 2014, at 16:54, Tim Daneliuk <tundra@tundraware.com> wrote: > I've seen this behavior over the last week or two when I try to = upgrade > to latest stable sources. Currently just installed kernel and world = for: >=20 > /usr/src>svn info > Path: . > Working Copy Root Path: /usr/src > URL: svn://svn.freebsd.org/base/stable/10 > Relative URL: ^/stable/10 > Repository Root: svn://svn.freebsd.org/base > Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f > Revision: 272095 > Node Kind: directory > Schedule: normal > Last Changed Author: peter > Last Changed Rev: 272078 > Last Changed Date: 2014-09-24 14:30:36 -0500 (Wed, 24 Sep 2014) >=20 > This breaks saslauthd - it demands a password when sending mail, but = then > rejects it in every case. >=20 > If I just install a new kernel, everything is fine. But if I install > world, that's when the problem shows up. I've tried a full reinstall = of > cygnus sasls and the daemon is running. >=20 > Ideas on how to chase this down/fix, would be appreciated... It is probably caused by this MFC: = http://svnweb.freebsd.org/changeset/base/271766 To make saslauthd work again, you need to specify a correct PAM policy file in /usr/local/etc/pam.d for your service, most likely "smtp" in this case. E.g., create a file /usr/local/etc/pam.d/smtp, containing at least: auth required pam_unix.so no_warn = try_first_pass account required pam_unix.so session required pam_permit.so password required pam_permit.so Optionally, add a line: auth required pam_group.so luser = group=3Dsmtp-users fail_safe to allow only members of the smtp-users group to authenticate successfully. -Dimitry --Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlQkLwEACgkQsF6jCi4glqMMuwCfU+JtTD/2d5kfZmhnOrYF3Wam XbkAoOBMxBQG1VlthYoVJoWz+dGgEJFI =oFQb -----END PGP SIGNATURE----- --Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DA4B666-AB81-4F25-ABAE-DDC163F41E20>