Pam issues w/ upgrading mail server from FC3 to FC5
Craig White
craigwhite at azapple.com
Sun Nov 12 23:01:35 UTC 2006
On Sun, 2006-11-12 at 15:53 -0700, Philip Prindeville wrote:
> Sam Varshavchik wrote:
>
> >Philip Prindeville writes:
> >
> >
> >
> >>Since we reimaged our mail server (using Sendmail, Cyrus-imap, Mimedefang,
> >>and SpamAssassin) to FC5, we've been seeing:
> >>
> >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
> >>Nov 10 11:56:03 mail saslauthd[2909]: Deprecated pam_stack module called from service "imap"
> >>
> >>in our /var/log/secure logfile. sigh... did I forget to do
> >>something else when setting up the mail server following the
> >>FC5 reimage?
> >>
> >>
> >
> >As the message says: pam_stack is deprecated.
> >
> >After some further poking: pam_stack has been replaced by the include
> >directive. See /etc/pam.d
> >
> >
>
> Ok, well, I'm looking at it:
>
> #%PAM-1.0
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
>
> I'm also seeing the contents of the /usr/share/docs/cyrus-imap-*/
> directory that references the link:
>
> http://www.kernel.org/pub/linux/libs/pam/FAQ
>
> and looking at that link, they talk about RedHat lagging behind
> on the PAM release.
>
> Well, this is more than a bit confusing. It looks like Cyrus
> is the one lagging behind... or at least, whoever set the options
> that the Redhat RPM's get packaged with did.
>
> What *should* Cyrus be using to authenticate?
>
> This is assuming that I don't want all users having mailboxes to
> have entries (accounts) in /etc/passwd... I can seed their passwords
> manually using saslpasswd -f /etc/sasldb2 ...
----
It depends upon setting in /etc/imapd.conf
# grep sasl /etc/imapd.conf
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
when cyrus uses saslauthd for authentication...
# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file,
and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a
list
# of which mechanism your installation was compiled with the ablity to
use.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See
saslauthd(8)
# for the list of accepted flags.
FLAGS=
make sure that saslauthd service is started...
/sbin/service saslauthd status
saslauthd (pid 3233 3232 3231 3230 3219) is running...
this should pretty much work.
Craig
More information about the fedora-list
mailing list