From owner-freebsd-questions@FreeBSD.ORG Thu Jan 10 22:18:09 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1E41F16A418 for ; Thu, 10 Jan 2008 22:18:09 +0000 (UTC) (envelope-from pauls@utdallas.edu) Received: from smtp3.utdallas.edu (smtp3.utdallas.edu [129.110.10.49]) by mx1.freebsd.org (Postfix) with ESMTP id 05C8713C455 for ; Thu, 10 Jan 2008 22:18:08 +0000 (UTC) (envelope-from pauls@utdallas.edu) Received: from utd59514.utdallas.edu (utd59514.utdallas.edu [129.110.3.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp3.utdallas.edu (Postfix) with ESMTP id 9EB3065504 for ; Thu, 10 Jan 2008 16:18:08 -0600 (CST) Date: Thu, 10 Jan 2008 16:18:08 -0600 From: Paul Schmehl To: FreeBSD Question Message-ID: <227FB5FB55C98E9260A25393@utd59514.utdallas.edu> In-Reply-To: <20080110170103.64c7c4fe@scorpio> References: <478583BF.6090406@grasslake.net> <20080110064345.GF70027@roo.7f000001.org> <47867597.2070800@grasslake.net> <141D87EE051918F290E96172@utd59514.utdallas.edu> <47869239.5030009@grasslake.net> <20080110170103.64c7c4fe@scorpio> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Re: Postfix with Cyrus SASL X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jan 2008 22:18:09 -0000 --On Thursday, January 10, 2008 17:01:03 -0500 Gerard wrote: > On Thu, 10 Jan 2008 15:46:33 -0600 > Shawn Barnhart wrote: > >> Paul Schmehl wrote: >> > It should, because it calls this: >> > >> > .if defined(WITH_SASL2) >> > LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 >> > POSTFIX_CCARGS+= -DUSE_SASL_AUTH -DUSE_CYRUS_SASL >> > -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl >> > POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt >> > .endif >> > >> > Yes, you need to install saslauthd, however, if you checked the >> > OPTION when you installed Postfix, it's most likely already >> > installed. You *also* need to enable saslauthd in /etc/rc.conf: >> > >> > [root@mail /usr/ports/mail/postfix]# grep sasl /etc/rc.conf >> > saslauthd_enable="YES" >> > saslauthd_flags=" -a pam -n 2" >> > >> > (This uses /etc/passwd through pam, btw.) >> > >> > Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags >> > available or read man (8) saslauthd. >> > >> >> Either I'm totally fubar, or the ports snapshot I have is braindead >> as I did select the SASL option when I built postfix and I have sasl >> libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other >> sasl components are installed. No saslauthd in /usr/local/etc/rc.d, >> no manpage, just libraries mentioned above, and my postfix smtpd does >> appear to have a sasl library run-time dependency per ldd. >> >> Is the better fix to manually re-install the same Cyrus sasl port or >> deinstall both it and postfix and rebuild postfix with the sasl >> option and hope I get a complete build? > > It has been awhile; however, if I remember correctly, the 'saslauthd' > daemon is not installed by Postfix. I think you are confusing this with > SASL in general. You might want to read the 'Complete Book of Postfix" > for further information on getting SASL up and running. BTW, unless it > has changes, 'saslauthd' only handles plain text authentication. I think you're right. It's been a while for me as well, but looking at ports I see that there's a totally separate cyrus-sasl2-saslauthd port, and it doesn't appear to be a dependency for postfix. I think saslauthd will handle kerberos as well as plaintext, but most people use plaintext and then ssl-ize postfix to encrypt the session. -- Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/