Re: Postfix with Cyrus SASL
--On Thursday, January 10, 2008 17:01:03 -0500 Gerard <[EMAIL PROTECTED]> wrote: On Thu, 10 Jan 2008 15:46:33 -0600 Shawn Barnhart <[EMAIL PROTECTED]> wrote: Paul Schmehl wrote: > It should, because it calls this: > > .if defined(WITH_SASL2) > LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 > POSTFIX_CCARGS+=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL > -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl > POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt > .endif > > Yes, you need to install saslauthd, however, if you checked the > OPTION when you installed Postfix, it's most likely already > installed. You *also* need to enable saslauthd in /etc/rc.conf: > > [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf > saslauthd_enable="YES" > saslauthd_flags=" -a pam -n 2" > > (This uses /etc/passwd through pam, btw.) > > Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags > available or read man (8) saslauthd. > Either I'm totally fubar, or the ports snapshot I have is braindead as I did select the SASL option when I built postfix and I have sasl libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other sasl components are installed. No saslauthd in /usr/local/etc/rc.d, no manpage, just libraries mentioned above, and my postfix smtpd does appear to have a sasl library run-time dependency per ldd. Is the better fix to manually re-install the same Cyrus sasl port or deinstall both it and postfix and rebuild postfix with the sasl option and hope I get a complete build? It has been awhile; however, if I remember correctly, the 'saslauthd' daemon is not installed by Postfix. I think you are confusing this with SASL in general. You might want to read the 'Complete Book of Postfix" for further information on getting SASL up and running. BTW, unless it has changes, 'saslauthd' only handles plain text authentication. I think you're right. It's been a while for me as well, but looking at ports I see that there's a totally separate cyrus-sasl2-saslauthd port, and it doesn't appear to be a dependency for postfix. I think saslauthd will handle kerberos as well as plaintext, but most people use plaintext and then ssl-ize postfix to encrypt the session. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix with Cyrus SASL
--On Thursday, January 10, 2008 15:46:33 -0600 Shawn Barnhart <[EMAIL PROTECTED]> wrote: Paul Schmehl wrote: It should, because it calls this: .if defined(WITH_SASL2) LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 POSTFIX_CCARGS+=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt .endif Yes, you need to install saslauthd, however, if you checked the OPTION when you installed Postfix, it's most likely already installed. You *also* need to enable saslauthd in /etc/rc.conf: [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf saslauthd_enable="YES" saslauthd_flags=" -a pam -n 2" (This uses /etc/passwd through pam, btw.) Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags available or read man (8) saslauthd. Either I'm totally fubar, or the ports snapshot I have is braindead as I did select the SASL option when I built postfix and I have sasl libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other sasl components are installed. No saslauthd in /usr/local/etc/rc.d, no manpage, just libraries mentioned above, and my postfix smtpd does appear to have a sasl library run-time dependency per ldd. Is the better fix to manually re-install the same Cyrus sasl port or deinstall both it and postfix and rebuild postfix with the sasl option and hope I get a complete build? If Postfix is working as you expect (except for auth of course), I would just force the reinstall of sasl (or deinstall and reinstall if that's your preferred method.) Saslauthd is installed in /usr/local/sbin/saslauthd, btw. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix with Cyrus SASL
On Thu, 10 Jan 2008 15:46:33 -0600 Shawn Barnhart <[EMAIL PROTECTED]> wrote: > Paul Schmehl wrote: > > It should, because it calls this: > > > > .if defined(WITH_SASL2) > > LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 > > POSTFIX_CCARGS+=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL > > -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl > > POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt > > .endif > > > > Yes, you need to install saslauthd, however, if you checked the > > OPTION when you installed Postfix, it's most likely already > > installed. You *also* need to enable saslauthd in /etc/rc.conf: > > > > [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf > > saslauthd_enable="YES" > > saslauthd_flags=" -a pam -n 2" > > > > (This uses /etc/passwd through pam, btw.) > > > > Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags > > available or read man (8) saslauthd. > > > > Either I'm totally fubar, or the ports snapshot I have is braindead > as I did select the SASL option when I built postfix and I have sasl > libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other > sasl components are installed. No saslauthd in /usr/local/etc/rc.d, > no manpage, just libraries mentioned above, and my postfix smtpd does > appear to have a sasl library run-time dependency per ldd. > > Is the better fix to manually re-install the same Cyrus sasl port or > deinstall both it and postfix and rebuild postfix with the sasl > option and hope I get a complete build? It has been awhile; however, if I remember correctly, the 'saslauthd' daemon is not installed by Postfix. I think you are confusing this with SASL in general. You might want to read the 'Complete Book of Postfix" for further information on getting SASL up and running. BTW, unless it has changes, 'saslauthd' only handles plain text authentication. -- Gerard [EMAIL PROTECTED] A chronic disposition to inquiry deprives domestic felines of vital qualities. signature.asc Description: PGP signature
Re: Postfix with Cyrus SASL
Paul Schmehl wrote: It should, because it calls this: .if defined(WITH_SASL2) LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 POSTFIX_CCARGS+=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt .endif Yes, you need to install saslauthd, however, if you checked the OPTION when you installed Postfix, it's most likely already installed. You *also* need to enable saslauthd in /etc/rc.conf: [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf saslauthd_enable="YES" saslauthd_flags=" -a pam -n 2" (This uses /etc/passwd through pam, btw.) Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags available or read man (8) saslauthd. Either I'm totally fubar, or the ports snapshot I have is braindead as I did select the SASL option when I built postfix and I have sasl libs in /usr/local/lib and /usr/local/lib/sasl2 but none of the other sasl components are installed. No saslauthd in /usr/local/etc/rc.d, no manpage, just libraries mentioned above, and my postfix smtpd does appear to have a sasl library run-time dependency per ldd. Is the better fix to manually re-install the same Cyrus sasl port or deinstall both it and postfix and rebuild postfix with the sasl option and hope I get a complete build? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix with Cyrus SASL
--On Thursday, January 10, 2008 13:44:23 -0600 Shawn Barnhart <[EMAIL PROTECTED]> wrote: Michal F. Hanula wrote: Your postfix is trying to use saslauthd, which usually listens on /var/run/saslauthd/mux. The right way to fix this depends on whether you want to use saslauthd and the place you store your e-mail user data. I want authentication against /etc/passwd (ultimately), not using sasldb2.db. There is no /var/run/saslauthd/mux, and saslauthd doesn't appear installed -- I'm getting the impression that selecting "Cyrus-SASL" in the make config dialog box for the Postfix port doesn't completely install cyrus-sasl components. It should, because it calls this: .if defined(WITH_SASL2) LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2 POSTFIX_CCARGS+=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt .endif I'm guessing the solution is to completely install the cyrus-sasl2 port to enable the use of saslauthd. Yes? Or am I way off? Yes, you need to install saslauthd, however, if you checked the OPTION when you installed Postfix, it's most likely already installed. You *also* need to enable saslauthd in /etc/rc.conf: [EMAIL PROTECTED] /usr/ports/mail/postfix]# grep sasl /etc/rc.conf saslauthd_enable="YES" saslauthd_flags=" -a pam -n 2" (This uses /etc/passwd through pam, btw.) Look at /usr/local/etc/rc.d/saslauthd.sh for the options and flags available or read man (8) saslauthd. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix with Cyrus SASL
Michal F. Hanula wrote: Your postfix is trying to use saslauthd, which usually listens on /var/run/saslauthd/mux. The right way to fix this depends on whether you want to use saslauthd and the place you store your e-mail user data. I want authentication against /etc/passwd (ultimately), not using sasldb2.db. There is no /var/run/saslauthd/mux, and saslauthd doesn't appear installed -- I'm getting the impression that selecting "Cyrus-SASL" in the make config dialog box for the Postfix port doesn't completely install cyrus-sasl components. I'm guessing the solution is to completely install the cyrus-sasl2 port to enable the use of saslauthd. Yes? Or am I way off? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Postfix with Cyrus SASL
Your postfix is trying to use saslauthd, which usually listens on /var/run/saslauthd/mux. The right way to fix this depends on whether you want to use saslauthd and the place you store your e-mail user data. m&f -- Speak softly and carry a big lion pgpNdevFsSGQS.pgp Description: PGP signature
Postfix with Cyrus SASL
I'm running a recently built 6.2 stable build (which uname calls 6.3-PRERELEASE) and Postfix built from ports with the Cyrus SASLv2 option. Postfix works fine, including TLS but SASAL authentication logs "file not found" errors. Jan 9 17:14:10 postfix postfix/smtpd[48488]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Jan 9 17:14:10 postfix postfix/smtpd[48488]: warning: unknown[192.168.1.152]: SASL LOGIN authentication failed: generic failure I'm not sure which file or directory is missing. The docs on this are sketchy, most of what is listed is way out of date, and the most up to date docs, http://www.postfix.org/SASL_README.html isn't terribly platform specific. Its not entirely clear if I need other SASL components; the entire Cyrus SASL package appears installed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"