10.1 BETA2 World - Breaks saslauthd

Dimitry Andric dim at FreeBSD.org
Thu Sep 25 15:04:51 UTC 2014 

On 25 Sep 2014, at 16:54, Tim Daneliuk <tundra at tundraware.com> wrote:
> I've seen this behavior over the last week or two when I try to upgrade
> to latest stable sources.  Currently just installed kernel and world for:
> 
> /usr/src>svn info
> Path: .
> Working Copy Root Path: /usr/src
> URL: svn://svn.freebsd.org/base/stable/10
> Relative URL: ^/stable/10
> Repository Root: svn://svn.freebsd.org/base
> Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
> Revision: 272095
> Node Kind: directory
> Schedule: normal
> Last Changed Author: peter
> Last Changed Rev: 272078
> Last Changed Date: 2014-09-24 14:30:36 -0500 (Wed, 24 Sep 2014)
> 
> This breaks saslauthd - it demands a password when sending mail, but then
> rejects it in every case.
> 
> If I just install a new kernel, everything is fine.  But if I install
> world, that's when the problem shows up.  I've tried a full reinstall of
> cygnus sasls and the daemon is running.
> 
> Ideas on how to chase this down/fix, would be appreciated...

It is probably caused by this MFC: http://svnweb.freebsd.org/changeset/base/271766

To make saslauthd work again, you need to specify a correct PAM policy
file in /usr/local/etc/pam.d for your service, most likely "smtp" in
this case.  E.g., create a file /usr/local/etc/pam.d/smtp, containing at
least:

auth            required        pam_unix.so             no_warn try_first_pass
account         required        pam_unix.so
session         required        pam_permit.so
password        required        pam_permit.so

Optionally, add a line:

auth            required        pam_group.so            luser group=smtp-users fail_safe

to allow only members of the smtp-users group to authenticate
successfully.

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20140925/00467201/attachment.sig>

More information about the freebsd-stable mailing list