Pam issues w/ upgrading mail server from FC3 to FC5
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Nov 13 04:06:20 UTC 2006
Craig White wrote:
>On Sun, 2006-11-12 at 15:53 -0700, Philip Prindeville wrote:
>
>
>>Sam Varshavchik wrote:
>>
>>
>>
>>>Philip Prindeville writes:
>>>
>>>
>>>
>>>
>>>
>>>>Since we reimaged our mail server (using Sendmail, Cyrus-imap, Mimedefang,
>>>>and SpamAssassin) to FC5, we've been seeing:
>>>>
>>>>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:13:21 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2912]: Deprecated pam_stack module called from service "imap"
>>>>Nov 10 11:56:03 mail saslauthd[2909]: Deprecated pam_stack module called from service "imap"
>>>>
>>>>in our /var/log/secure logfile. sigh... did I forget to do
>>>>something else when setting up the mail server following the
>>>>FC5 reimage?
>>>>
>>>>
>>>>
>>>>
>>>As the message says: pam_stack is deprecated.
>>>
>>>After some further poking: pam_stack has been replaced by the include
>>>directive. See /etc/pam.d
>>>
>>>
>>>
>>>
>>Ok, well, I'm looking at it:
>>
>>#%PAM-1.0
>>auth required pam_stack.so service=system-auth
>>account required pam_stack.so service=system-auth
>>
>>I'm also seeing the contents of the /usr/share/docs/cyrus-imap-*/
>>directory that references the link:
>>
>>http://www.kernel.org/pub/linux/libs/pam/FAQ
>>
>>and looking at that link, they talk about RedHat lagging behind
>>on the PAM release.
>>
>>Well, this is more than a bit confusing. It looks like Cyrus
>>is the one lagging behind... or at least, whoever set the options
>>that the Redhat RPM's get packaged with did.
>>
>>What *should* Cyrus be using to authenticate?
>>
>>This is assuming that I don't want all users having mailboxes to
>>have entries (accounts) in /etc/passwd... I can seed their passwords
>>manually using saslpasswd -f /etc/sasldb2 ...
>>
>>
>----
>It depends upon setting in /etc/imapd.conf
>
># grep sasl /etc/imapd.conf
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN
>
>when cyrus uses saslauthd for authentication...
>
># cat /etc/sysconfig/saslauthd
># Directory in which to place saslauthd's listening socket, pid file,
>and so
># on. This directory must already exist.
>SOCKETDIR=/var/run/saslauthd
>
># Mechanism to use when checking passwords. Run "saslauthd -v" to get a
>list
># of which mechanism your installation was compiled with the ablity to
>use.
>MECH=pam
>
># Additional flags to pass to saslauthd on the command line. See
>saslauthd(8)
># for the list of accepted flags.
>FLAGS=
>
>make sure that saslauthd service is started...
>
>/sbin/service saslauthd status
>saslauthd (pid 3233 3232 3231 3230 3219) is running...
>
>this should pretty much work.
>
>Craig
>
>
Yeah, saslauthd is running... the config is unchanged, as above...
I've created a username with:
saslpasswd2 -f /etc/sasldb2 -a imap -c username
Oh, did the "chown cyrus.mail /etc/sasldb2" also...
So I can't figure out what else needs to be done... Still seeing
those messages.
-Philip
More information about the fedora-list
mailing list