splitting courier-authlib into master+slave ports

Yarema yds at CoolRat.org
Tue Apr 26 08:24:49 PDT 2005


--On Tuesday, April 26, 2005 16:33:28 +0200 Jose M Rodriguez 
<josemi at freebsd.jazztel.es> wrote:

> On Tuesday, 26 April 2005 16:25, Yarema wrote:
>> --On Tuesday, April 26, 2005 16:02:15 +0200 Jose M Rodriguez
>>
>> <josemi at freebsd.jazztel.es> wrote:
>> > On Tuesday, 26 April 2005 15:32, Oliver Lehmann wrote:
>> >> Milan Obuch wrote:
>> >> > Issue with ldconfig seems not to be solved to me. Any idea?
>> >> > Milan
>> >>
>> >> right, courier-authlib works, but the path did not get registered
>> >> for ldconfig permanently.
>> >>
>> >>
>> >> root at curry courier-authlib> ldconfig -vr
>> >> /var/run/ld-elf.so.hints:
>> >>         search directories:
>> >> /lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/usr/local/lib/courier-authlib:/usr/local/lib/mysql
>> >>
>> >> reboot...
>> >>
>> >>
>> >> root at curry olivleh1> ldconfig -vr
>> >> /var/run/ld-elf.so.hints:
>> >>         search directories:
>> >> /lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/usr/local/lib/mysql
>> >>
>> >> But that is like it is now. With mail/courier-authlib like it is
>> >> now, the same thing happens.
>> >>
>> >>
>> >> I'm not really sure why this happens since
>> >>
>> >> root at curry courier-authlib-mysql> make -VLDCONFIG_DIRS
>> >> %%PREFIX%%/lib/courier-authlib
>> >>
>> >>
>> >> works... I'll take a look for that error. If I don't find anything
>> >> I'll commit w/o fixing it right now.
>> >
>> > I can see the correct ldconfig lines recorded in +CONTENTS, but
>> > also I can reproduce the ldconfig -vr output.
>> >
>> > In any case, authdaemond starts ok, but claims that it can't load
>> > the modules in modulelist I have not installed.
>> >
>> > If you like, try to get authdaemonrc.dist closer to the ports
>> > behavior: only put authpam in the modulelist (what -base installs)
>> > This is made in the Makefile (reimplace).  At last suppress authpwd.
>> >
>> > And..., can you work a quick pkg-message or UPDATING note on the
>> > need to tweak authdaemonrc to polite oper?
>>
>> The documentation at
>> <http://www.Courier-MTA.org/authlib/README_authlib.html> says:
>>
>> ~~~~~
>> The configuration file /usr/local/etc/authlib/authdaemonrc contains
>> several settings. The most important of them are:
>>
>> A list of authentication modules to activate. By default, this list
>> includes all available authentication modules, even if some are not
>> actually installed at the moment. When the authentication library is
>> set up, only those authentication modules that can be supported by
>> the operating system will be installed. Some of the listed modules
>> may not actually be there, however that's not a problem. Any
>> unavailable authentication modules will be ignored. Also, on some
>> platforms certain authentication modules are installed by optional
>> sub-packages. Installing the sub-package is the only action needed to
>> make use of it.
>>
>> The only time the list of authentication modules need to be adjusted
>> is when an available authentication module must be disabled for some
>> reason. This should only be needed in the most unusual circumstances.
>> ~~~~~
>>
>> Which I take to mean that authdaemond complaining about modules it
>> cannot load at startup can be safely ignored.  authpwd should
>> definitely not be there anymore.  But authmodulelist should include
>> all the plugin modules which we support and as the comment referring
>> to authmodulelist in authdaemonrc suggests "You may selectively
>> disable modules simply by removing them from the following list."  In
>> any case authmodulelistorig needs to contain all the modules we
>> support and should never be modified.
>>
>> This is just a matter of RTFM for the user before firing up
>> courier-authlib.  The startup messages are mere warnings and if they
>> are an eyesore we can redirect them to >/dev/null 2>&1 in the startup
>> script.
>
> The problem is that 'out of the box' this goes to /var/log/maillog with
> some precious FATAL on it.

Perhaps <MrSam at Courier-MTA.com> needs to change them FATAL messages to INFO 
or WARNING to comply with his own documentation and rpm packaging 
methodology...  :)

> In any case I'm with you, suppress only authpwd (we do not install it in
> any case) and make some warning about this and the convenience to tweak
> authdaemonrc.
>
> An UPDATING entry will do the task.

Agreed.  Actually going through the documentation our out-of-the-box 
settings in authdaemonrc should be:

authmodulelist="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelistorig="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"

in that order.  authcram is part of userdb and needs to be listed first. 
Then authuserdb gets tried then authvchkpw and if none of them are 
available or configured then authpam tries to see if there's a system 
account.  authldap authmysql authpgsql need to stay at the end because as 
noted at the bottom of 
<http://www.Courier-MTA.org/authlib/README.authdebug.html>:

~~~~~
authdaemond tries each of the configured authentication modules in turn, 
until either one accepts the login, or they have all rejected it (in which 
case the usual "Login failed" error is returned, and the user can try 
again).

However, if one of these modules is unable to run because some resource is 
not available, then it gives a "temporary failure" response and no further 
modules are tried. You should find the exact cause in your mail logs, but 
typically it means that you have a module like 'authmysql' in your module 
list, but the mysql database is not running.

So unless you actually do have account data in mysql (in which case you 
need to fix your mysql setup), you should remove 'authmysql' and any other 
modules you do not use from authmodulelist in authdaemonrc.
~~~~~

-- 
Yarema
http://yds.CoolRat.org
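
Added example (not part of the original message and not courier-authlib code): a Python sketch of the module-chain behaviour quoted above from README_authlib and README.authdebug, showing why database-backed modules go last and why unused ones should be removed from authmodulelist. The sample file text, the outcome labels and the function names are constructed for illustration.

```python
import re

# Constructed authdaemonrc fragment using the module order proposed in the message.
SAMPLE_RC = '''
# authdaemonrc (sample)
authmodulelist="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelistorig="authcram authuserdb authvchkpw authpam authldap authmysql authpgsql"
'''

def parse_modulelist(rc_text, key="authmodulelist"):
    """Return the module names assigned to `key` in authdaemonrc-style text."""
    m = re.search(r'^%s="([^"]*)"' % re.escape(key), rc_text, re.MULTILINE)
    return m.group(1).split() if m else []

def authenticate(modules, installed, outcomes):
    """Walk the chain the way the quoted documentation describes it.

    installed: modules actually present (listed-but-missing ones are ignored).
    outcomes:  module -> "accept" | "reject" | "tempfail" for one login attempt
               (hypothetical labels, not authdaemond's wire protocol).
    Returns (result, modules_tried).
    """
    tried = []
    for mod in modules:
        if mod not in installed:
            continue                      # unavailable modules are ignored
        tried.append(mod)
        result = outcomes.get(mod, "reject")
        if result == "accept":
            return "accept", tried        # first accepting module wins
        if result == "tempfail":
            return "tempfail", tried      # temporary failure: chain stops here
    return "login failed", tried          # every module rejected

def unused_backends(modules, installed, configured):
    """Listed and installed modules with no backend configured: removal candidates."""
    return [m for m in modules if m in installed and m not in configured]

if __name__ == "__main__":
    order = parse_modulelist(SAMPLE_RC)
    installed = {"authpam", "authmysql"}          # constructed scenario
    mysql_down = {"authpam": "accept", "authmysql": "tempfail"}
    print(authenticate(order, installed, mysql_down))                    # proposed order
    print(authenticate(["authmysql", "authpam"], installed, mysql_down)) # database first
    print(unused_backends(order, installed, configured={"authpam"}))
```

With the database module listed first, a stopped MySQL server turns every login into a temporary failure, including system accounts that authpam would have accepted.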

