Bug 193927 - saslauthd Broken By Recent MFC
Summary: saslauthd Broken By Recent MFC
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: 10.1-BETA1
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-25 15:49 UTC by tundra
Modified: 2014-10-09 14:12 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description tundra 2014-09-25 15:49:51 UTC
Recent MFC broke saslauthd.  A separate file for 'smtp' is now required in /etc/pam.d to fix this.  Per Dimitry Andric, this needs to be in that file:

-----

To make saslauthd work again, you need to specify a correct PAM policy
file in /usr/local/etc/pam.d for your service, most likely "smtp" in
this case.  E.g., create a file /usr/local/etc/pam.d/smtp, containing at
least:

auth            required        pam_unix.so             no_warn
try_first_pass
account         required        pam_unix.so
session         required        pam_permit.so
password        required        pam_permit.so

Optionally, add a line:

auth            required        pam_group.so            luser
group=smtp-users fail_safe

to allow only members of the smtp-users group to authenticate
successfully.

-----

Suggest an example /etc/pam.d/smtp be provided in base system along with a note in UPDATING.

Thanks,
Comment 1 Kurt Jaeger freebsd_committer 2014-09-26 07:14:22 UTC
See

https://lists.freebsd.org/pipermail/freebsd-stable/2014-September/080233.html

and follow-ups.
Comment 2 commit-hook freebsd_committer 2014-09-29 08:58:11 UTC
A commit references this bug:

Author: des
Date: Mon Sep 29 08:57:36 UTC 2014
New revision: 272280
URL: https://svnweb.freebsd.org/changeset/base/272280

Log:
  Instead of failing when neither PAM_TTY nor PAM_RHOST are available, call
  login_access() with "**unknown**" as the second argument.  This will allow
  "ALL" rules to match.

  Reported by:	Tim Daneliuk <tundra@tundraware.com>
  Tested by:	dim@
  PR:		83099 193927
  MFC after:	3 days

Changes:
  head/lib/libpam/modules/pam_login_access/pam_login_access.c
Comment 3 commit-hook freebsd_committer 2014-09-29 10:36:19 UTC
A commit references this bug:

Author: bz
Date: Mon Sep 29 10:36:15 UTC 2014
New revision: 272281
URL: https://svnweb.freebsd.org/changeset/base/272281

Log:
  Hopefully fix build breakage with gcc passing void * instead of char *
  to "%s" format string after r272280.

  PR:		83099 193927
  MFC after:	3 days
  X-MFC with:	r272280

Changes:
  head/lib/libpam/modules/pam_login_access/pam_login_access.c
Comment 4 commit-hook freebsd_committer 2014-10-01 10:27:29 UTC
A commit references this bug:

Author: des
Date: Wed Oct  1 10:26:44 UTC 2014
New revision: 272351
URL: https://svnweb.freebsd.org/changeset/base/272351

Log:
  MFH (r272280, r272281, r272348): allow use with null user and rhost

  PR:		83099 193927
  Approved by:	re (kib)

Changes:
_U  stable/10/
  stable/10/lib/libpam/modules/pam_login_access/pam_login_access.c
Comment 5 commit-hook freebsd_committer 2014-10-01 10:29:43 UTC
A commit references this bug:

Author: des
Date: Wed Oct  1 10:29:15 UTC 2014
New revision: 272352
URL: https://svnweb.freebsd.org/changeset/base/272352

Log:
  MFH (r272280, r272281, r272348): allow use with null user and rhost

  PR:		83099 193927

Changes:
_U  stable/9/lib/libpam/
  stable/9/lib/libpam/modules/pam_login_access/pam_login_access.c
Comment 6 commit-hook freebsd_committer 2014-10-01 10:36:46 UTC
A commit references this bug:

Author: des
Date: Wed Oct  1 10:35:52 UTC 2014
New revision: 272353
URL: https://svnweb.freebsd.org/changeset/base/272353

Log:
  MFH (r272280, r272281, r272348): allow use with null user and rhost

  PR:		83099 193927

Changes:
_U  stable/8/lib/libpam/
  stable/8/lib/libpam/modules/pam_login_access/pam_login_access.c