Re: Postfix with Cyrus SASL

Thu, 10 Jan 2008 14:18:17 -0800

--On Thursday, January 10, 2008 17:01:03 -0500 Gerard <[EMAIL PROTECTED]> wrote: 


On Thu, 10 Jan 2008 15:46:33 -0600
Shawn Barnhart <[EMAIL PROTECTED]> wrote:


Paul Schmehl wrote:
> It should, because it calls this:
>
> .if defined(WITH_SASL2)
> LIB_DEPENDS+=           sasl2.2:${PORTSDIR}/security/cyrus-sasl2
> POSTFIX_CCARGS+=        -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
> -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl
> POSTFIX_AUXLIBS+=       -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt
> .endif
>
> Yes, you need to install saslauthd, however, if you checked the
> OPTION when you installed Postfix, it's most likely already
> installed.  You *also* need to enable saslauthd in /etc/rc.conf:
>
> [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf
> saslauthd_enable="YES"
> saslauthd_flags=" -a pam -n 2"
>
> (This uses /etc/passwd through pam, btw.)
>
> Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags
> available or read man (8) saslauthd.
>

Either I'm totally fubar, or the ports snapshot I have is braindead
as I did select the SASL option when I built postfix and I have sasl
libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other
sasl components are installed.  No saslauthd in /usr/local/etc/rc.d,
no manpage, just libraries mentioned above, and my postfix smtpd does
appear to have a sasl library run-time dependency per ldd.

Is the better fix to manually re-install the same Cyrus sasl port or
deinstall both it and postfix and rebuild postfix with the sasl
option and hope I get a complete build?


It has been awhile; however, if I remember correctly, the 'saslauthd'
daemon is not installed by Postfix. I think you are confusing this with
SASL in general. You might want to read the 'Complete Book of Postfix"
for further information on getting SASL up and running. BTW, unless it
has changes, 'saslauthd' only handles plain text authentication.
I think you're right. It's been a while for me as well, but looking at ports I see that there's a totally separate cyrus-sasl2-saslauthd port, and it doesn't appear to be a dependency for postfix.
I think saslauthd will handle kerberos as well as plaintext, but most people use plaintext and then ssl-ize postfix to encrypt the session. 

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to