aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordwcjr <dwcjr@FreeBSD.org>2002-09-02 00:38:33 +0800
committerdwcjr <dwcjr@FreeBSD.org>2002-09-02 00:38:33 +0800
commit984e4de075d9d55950ee5e197c8e95961506d701 (patch)
tree608695669ed541dbebcea640a3e8c448f8ee88f6
parentfd50192ea7567a034b59dfc96a1d112f8ccfa573 (diff)
downloadfreebsd-ports-gnome-984e4de075d9d55950ee5e197c8e95961506d701.tar.gz
freebsd-ports-gnome-984e4de075d9d55950ee5e197c8e95961506d701.tar.zst
freebsd-ports-gnome-984e4de075d9d55950ee5e197c8e95961506d701.zip
add an example PAM file for saslauthd and pwcheck_pam daemons
update the Sendmail.README file to include instructions for using the security/cyrus-sasl2 port. PR: 42153 Submitted by: maintainer
-rw-r--r--security/cyrus-sasl/Makefile21
-rw-r--r--security/cyrus-sasl/files/Sendmail.README20
-rw-r--r--security/cyrus-sasl/files/cyrus.pam18
-rw-r--r--security/cyrus-sasl/pkg-plist6
4 files changed, 58 insertions, 7 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile
index ec4f808eea27..68f7fba3081b 100644
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@@ -42,7 +42,7 @@ MAN3= sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \
sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \
sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \
sasl_setprop.3 sasl_usererr.3
-MAN8= sasldblistusers.8 saslpasswd.8 saslauthd.8
+MAN8= sasldblistusers.8 saslpasswd.8 saslauthd1.8
USE_AUTOMAKE_VER=14
USE_LIBTOOL= YES
@@ -99,6 +99,7 @@ PLIST_SUB= PREFIX=${PREFIX} \
GSSAPI=${GSSAPI} \
EBONES=${EBONES} \
DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
+ EXAMPLESDIR=${EXAMPLESDIR:S/^${PREFIX}\///}
LDAP_MYSQL_PATCH= ldap-mysql_sasl-${PORTVERSION}/sasl-ldap+mysql.patch
@@ -150,11 +151,21 @@ pre-install:
@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
@if [ -f ${PREFIX}/sbin/saslauthd ]; then \
mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
+ if [ -f ${PREFIX}/man/man8/saslauthd.8 ]; then \
+ mv ${PREFIX}/man/man8/saslauthd.8 \
+ ${PREFIX}/man/man8/saslauthd2.8; \
+ elif [ -f ${PREFIX}/man/man8/saslauthd.8.gz ]; then \
+ mv ${PREFIX}/man/man8/saslauthd.8.gz \
+ ${PREFIX}/man/man8/saslauthd2.8.gz; \
+ fi; \
fi
post-install:
@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
+ @${MKDIR} ${EXAMPLESDIR}
+ @${SED} -e 's;%%PREFIX%%;${PREFIX};g' \
+ ${FILESDIR}/cyrus.pam > ${EXAMPLESDIR}/cyrus.pam
@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \
@@ -174,8 +185,16 @@ post-install:
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
.endif
@mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
+ @mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8
@if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \
mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
+ if [ -f ${PREFIX}/man/man8/saslauthd2.8 ]; then \
+ mv ${PREFIX}/man/man8/saslauthd2.8 \
+ ${PREFIX}/man/man8/saslauthd.8; \
+ elif [ -f ${PREFIX}/man/man8/saslauthd2.8.gz ]; then \
+ mv ${PREFIX}/man/man8/saslauthd2.8.gz \
+ ${PREFIX}/man/man8/saslauthd.8.gz; \
+ fi; \
fi
@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
@${CAT} ${PKGMESSAGE}
diff --git a/security/cyrus-sasl/files/Sendmail.README b/security/cyrus-sasl/files/Sendmail.README
index c88d2433e92e..ce51d46cdd9e 100644
--- a/security/cyrus-sasl/files/Sendmail.README
+++ b/security/cyrus-sasl/files/Sendmail.README
@@ -7,14 +7,25 @@ How to enable SMTP AUTH with FreeBSD default Sendmail
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl
- NOTE: Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
+ NOTE: 1. Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
to SENDMAIL_CFLAGS, if you need the GroupReadableSASLFile option
+ Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2
+ port. Then you will not need the SASL V1 port installed.
+
+ SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
+ SENDMAIL_LDFLAGS=-L/usr/local/lib
+ SENDMAIL_LDADD=-lsasl2
+
+
2) Rebuild FreeBSD (make buildworld, ...)
-3) Create /usr/local/lib/sasl/Sendmail.conf with the following.
+3) Make sure that the pwcheck_method is correct in Sendmail.conf.
- pwcheck_method: pwcheck
+ Sendmail.conf (${PREFIX}/lib/sasl{,2}/Sendmail.conf) is created by
+ the cyrus-sasl and cyrus-sasl2 ports during installation. It may have
+ pwcheck_method set to either pwcheck (V1 only) or saslauthd (V1 & V2) by
+ default. Change this to what is appropriate for your site.
4) Add the following to your sendmail.mc file:
@@ -44,7 +55,8 @@ How to enable SMTP AUTH with FreeBSD default Sendmail
PLAIN is required for Netscape Communicator users. By default Netscape
Communicator will use SASL Authentication when sendmail is compiled with
- SASL.
+ SASL and will cause your users to enter their passwords each time they
+ retreive their mail (NS 4.7).
The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
are using cyrus-imapd and sendmail on the same server that requires access
diff --git a/security/cyrus-sasl/files/cyrus.pam b/security/cyrus-sasl/files/cyrus.pam
new file mode 100644
index 000000000000..3c3734c3672f
--- /dev/null
+++ b/security/cyrus-sasl/files/cyrus.pam
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "cyrus" service
+# Copy this file to /etc/pam.d/cyrus
+#
+
+# auth
+#auth required pam_nologin.so no_warn
+#auth sufficient %%PREFIX%%/lib/pam_ldap.so nowarn
+#auth sufficient pam_opie.so no_warn no_fake_prompts
+#auth requisite pam_opieaccess.so no_warn
+#auth required pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+#account sufficient %%PREFIX%%/lib/pam_ldap.so
+account required pam_unix.so
diff --git a/security/cyrus-sasl/pkg-plist b/security/cyrus-sasl/pkg-plist
index 9aa77e2385d2..e9df945e693e 100644
--- a/security/cyrus-sasl/pkg-plist
+++ b/security/cyrus-sasl/pkg-plist
@@ -43,6 +43,7 @@ sbin/saslpasswd
sbin/pwcheck
sbin/pwcheck_pam
sbin/saslauthd1
+%%EXAMPLESDIR%%/cyrus.pam
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
%%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
@@ -90,17 +91,18 @@ sbin/saslauthd1
%%JAVASASL%%@dirrm share/java/classes/sasl/javax
%%JAVASASL%%@dirrm share/java/classes/sasl/CyrusSasl
%%JAVASASL%%@dirrm share/java/classes/sasl
+@dirrm %%EXAMPLESDIR%%
@dirrm lib/sasl
@cwd /var
@exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
-@comment This file gets created by the pwcheck program
+@comment This file is created by the pwcheck program
@unexec rm -f %D/pwcheck/pwcheck
@dirrm pwcheck
@mode ug=rwx,o=
@exec mkdir -p /var/state/saslauthd1
@exec chown -R cyrus:cyrus state
@exec chmod -R o= state
-@comment This file gets created by the state/saslauthd program
+@comment These files are created by the saslauthd program
@unexec rm -fr /var/state/saslauthd1
@unexec rmdir /var/state
@cwd %%PREFIX%%