From owner-freebsd-stable  Fri Oct 11  9:45: 0 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7529237B401
	for <freebsd-stable@FreeBSD.ORG>; Fri, 11 Oct 2002 09:44:58 -0700 (PDT)
Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6FE043E3B
	for <freebsd-stable@FreeBSD.ORG>; Fri, 11 Oct 2002 09:44:57 -0700 (PDT)
	(envelope-from hetzels@westbend.net)
Received: from Admin01 (admin01.westbend.net [216.47.253.18])
	by mail.westbend.net (8.12.5/8.12.5) with SMTP id g9BGigrH032101;
	Fri, 11 Oct 2002 11:44:42 -0500 (CDT)
	(envelope-from hetzels@westbend.net)
Message-ID: <025601c27145$7f1722e0$12fd2fd8@Admin01>
From: "Scot W. Hetzel" <hetzels@westbend.net>
To: "Joseph Scott" <joseph@randomnetworks.com>,
	"Pavel A Crasotin" <pavel@ctk.ru>
Cc: <freebsd-stable@FreeBSD.ORG>
References: <Pine.BSF.4.21.0201300453290.4204-100000@pebkac.owp.csus.edu>
Subject: Re: Cyrus+pam_radius. How to make work?
Date: Fri, 11 Oct 2002 11:44:23 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

From: "Joseph Scott" <joseph@randomnetworks.com>
> # Hi
> #
> # I'v a asked in cyrus-info but seems none knows why cyrus-imap 2.0.16
> # (cyrus-sasl-1.15.27) dont work with pam_radius.
> #
> # Can anyone help me?
>
> Just in case no one has answered this.
>
> The trick is to make the pwcheck daemon support PAM.  The current
> version of the cyrus-sasl port has an option to build a PAM version of
> pwcheck.  Before that there was a patch that did it in a slightly
> different way.
>
The security/cyrus-sasl port installs 2 pwcheck daemons (pwcheck, and
pwcheck_pam), all you need to do is add:

    sasl_pwcheck_enable=yes
    sasl_pwcheck_program=PREFIX/sbin/pwcheck_pam
    sasl_saslauthd1_enable=no

to your /etc/rc.conf file and then to start the pwcheck daemon use:

    PREFIX/etc/rc.d/pwcheck.sh start.

Also the pwcheck daemon has been depreciated in favor of a general password
checking daemon (saslauthd).  The security/cyrus-sasl port installs
saslauthd as the default password checking daemon.  By default it uses PAM
to check passwords.  You will also need to added a cyrus service to the
/etc/pam.conf file or copy PREFIX/share/example/cyrus-sasl/cyrus.pam to
/etc/pam.d/cyrus.

Scot
Maintainer of security/cyrus-sasl port


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message