So...I have solved many of my problems. Read below for information about bugs and deficiencies in the available information.
> I am using mdk8.1 (with no kinky hacks), and when I try to enable > authentication, I get the following error in my syslog: > > postfix/smtpd[32033]: warning: smtpd_sasl_auth_enable is true, but SASL > support is not compiled in > > ... > > - I downloaded the SRPM for postfix and rebuilt it, and checked the spec > file to make sure it was configuring and making with the appropriate flags > to compile in SASL support. All versions of the postfix spec file, including the most recent cooker release, have a bug. The flag -DUSE_SASL_AUTH appears incorrectly in the make command as -I-DUSE_SASL_AUTH, so SASL authentication isn't actually built in. This is at line 59 of the most recent version (postfix-20010228-16mdk). > - I created an smtpd.auth file for SASL containing "pwcheck_method = ..." > and tried putting it in both /etc/sasl/ and /usr/lib/sasl/ The URL http://www.thecabal.org/~devin/postfix/smtp-auth.txt, linked from the postfix.org documentation page, gives incorrect flags for configuring SASL. Incorrect form: pwcheck_method = pam Correct form: pwcheck_method: pam Now I am faced with the following security dilemma: a program must be run as root to access the PAM database, but I'd rather not run smtpd as root. Any suggestions? I guess I don't have to use PAM, but functionally it seems like the most flexible and integrated option. Any suggestions? --JF
