From owner-freebsd-stable@FreeBSD.ORG Thu Sep 25 15:04:51 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 350F29A8; Thu, 25 Sep 2014 15:04:51 +0000 (UTC) Received: from tensor.andric.com (tensor.andric.com [87.251.56.140]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "tensor.andric.com", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E4EFBAD6; Thu, 25 Sep 2014 15:04:50 +0000 (UTC) Received: from [192.168.2.2] (unknown [77.243.161.229]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 9F0ECB80A; Thu, 25 Sep 2014 17:04:41 +0200 (CEST) Subject: Re: 10.1 BETA2 World - Breaks saslauthd Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Content-Type: multipart/signed; boundary="Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38"; protocol="application/pgp-signature"; micalg=pgp-sha1 From: Dimitry Andric X-Priority: 3 (Normal) In-Reply-To: Date: Thu, 25 Sep 2014 17:04:24 +0200 Message-Id: <3DA4B666-AB81-4F25-ABAE-DDC163F41E20@FreeBSD.org> References: To: tundra@tundraware.com X-Mailer: Apple Mail (2.1878.6) Cc: FreeBSD stable , =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 15:04:51 -0000 --Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 25 Sep 2014, at 16:54, Tim Daneliuk wrote: > I've seen this behavior over the last week or two when I try to = upgrade > to latest stable sources. Currently just installed kernel and world = for: >=20 > /usr/src>svn info > Path: . > Working Copy Root Path: /usr/src > URL: svn://svn.freebsd.org/base/stable/10 > Relative URL: ^/stable/10 > Repository Root: svn://svn.freebsd.org/base > Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f > Revision: 272095 > Node Kind: directory > Schedule: normal > Last Changed Author: peter > Last Changed Rev: 272078 > Last Changed Date: 2014-09-24 14:30:36 -0500 (Wed, 24 Sep 2014) >=20 > This breaks saslauthd - it demands a password when sending mail, but = then > rejects it in every case. >=20 > If I just install a new kernel, everything is fine. But if I install > world, that's when the problem shows up. I've tried a full reinstall = of > cygnus sasls and the daemon is running. >=20 > Ideas on how to chase this down/fix, would be appreciated... It is probably caused by this MFC: = http://svnweb.freebsd.org/changeset/base/271766 To make saslauthd work again, you need to specify a correct PAM policy file in /usr/local/etc/pam.d for your service, most likely "smtp" in this case. E.g., create a file /usr/local/etc/pam.d/smtp, containing at least: auth required pam_unix.so no_warn = try_first_pass account required pam_unix.so session required pam_permit.so password required pam_permit.so Optionally, add a line: auth required pam_group.so luser = group=3Dsmtp-users fail_safe to allow only members of the smtp-users group to authenticate successfully. -Dimitry --Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlQkLwEACgkQsF6jCi4glqMMuwCfU+JtTD/2d5kfZmhnOrYF3Wam XbkAoOBMxBQG1VlthYoVJoWz+dGgEJFI =oFQb -----END PGP SIGNATURE----- --Apple-Mail=_B0D47E19-7B95-4D1F-AF1A-6324FA113E38--