Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

Thu, 02 Jun 2022 06:45:38 -0700 

On 30/05/22 2:48 pm, raf wrote:
> > If set
> > +empty (the default value) the search path is the one compiled into the
> > +Cyrus SASL library. </p> </li>
>
> I don't think that's entirely correct. On Debian, for
> example, the default value of cyrus_sasl_config_path is
> empty, and /etc/postfix/sasl is the directory that is
> used. They haven't changed the default value to be
> non-empty.

It couldn't possibly be that they've compiled it into the cyrus sasl
library?

> But it does look like it's not the postfix package that
> they changed. They changed the sasl2-bin package.
> The only executable binary that contains the string
> /etc/postfix/sasl is /usr/bin/saslfinger which is
> provided by the sasl2-bin package.



On Wed, Jun 01, 2022 at 03:56:02PM +1200, Peter <pe...@pajamian.dhs.org> wrote:

Which suggests that it's been compiled into the cyrus sasl library.


On 02.06.22 08:38, raf wrote:

No. Perhaps in the past, but no longer. I grepped for
/etc/postfix/sasl in every file on a debian11 system
and it didn't appear in libsasl2 or anywhere
interesting.


maybe it uses e.g. path like:

$config_directory/sasl/$smtpd_sasl_path


I have tested it now on debian 11 according to:
https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL

version without changing postfix options
and I was able to set up sasl authentication.

This was also working on debian 8-10, at least my internal docs also say:

 adduser postfix sasl

 /etc/default/saslauthd

    START=yes
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/etc/postfix/sasl/smtpd.conf

    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN

dpkg-statoverride --add root sasl 750 /var/spool/postfix/var/run/saslauthd
restart saslauthd & postfix


It did appear in things like saslfinger
and apparmor rules and the postfix package file list
and augeas-lenses (a config file parser). But nothing
in any libsasl files or postfix files.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

Reply via email to