OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [PATCH] Documentation hints for SASL
From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Fri Dec 15 2000 - 07:16:55 CST

Carsten Hoeger <choegersuse.de> writes:

> On Fri, Dec 15, Matthias Andree wrote:
>
> > > Thanks much. I am dependent on other people for documentation of
> > > and experience with the features that aren't compiled in by default.
> >
> > Yup. However, I haven't yet got pwcheck_method: pwcheck to work. Has
> > someone got this working and can provide further documentation on common
> > pitfalls?
>
> Use pwcheck_method: pam
> That works just out of the box with something like this in
> /etc/pam.d/smtp:
>
> #%PAM-1.0
> auth required /lib/security/pam_unix.so
> account required /lib/security/pam_unix.so

This only works if smtpd is run as root. (For /etc/shadow access; PAM
callees run on account and behalf of the caller). That's exactly what
pwcheck is for.

However, I got it to work now with pwcheck; I just found out (the hard
way) that re-configuring cyrus-sasl with --with-pwcheck was not enough,
but a distclean before configuring helped me. 

-- 
Matthias Andree