On Thu, Jan 9, 2014 at 9:28 PM, Michiel van Es <[email protected]> wrote:
>
> the default pam module is not loaded correctly thus authentication is not
> working.
> You create a /etc/pam.d/smtp.opensmtpd file with a correct PAM
> configuration but OpenSMTPD build with PAM looks for /etc/pam.d/smtpd
> (default Red Hat installs /etc/pam.d/smtp for Postfix).
>
Right, "/etc/pam.d/smtp" is the proper path for smtp-related pam in
RH-system for all mail daemons. It's the symlink to alternatives mta-pam
and, thus, to "smtp.opensmtpd".
> Strace proof:
>
> recvmsg(8, {msg_name(0)=NULL, msg_iov(1)=[{".\0\0\0.\0\0\0\
> 0\0\0\0\372\35\0\0\5B\250\234\23\21\317\374\17\3mve\0\3v"..., 65535}],
> msg_controllen=0, msg_flags=0}, 0) = 46
> stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> open("/etc/pam.d/smtpd", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/etc/pam.d/other", O_RDONLY) = 5
> fstat(5, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7fe558784000
> read(5, "#%PAM-1.0\nauth required "..., 4096) = 154
> open("/lib64/security/pam_deny.so", O_RDONLY) = 7
>
The issue that we would better have pam path configurable, to set it to
"/etc/pam.d/smtp" instead of "/etc/pam.d/smtpd" default value.
Gilles, what do you think on that option?
Alternatively, a small trivial patch will go there.
> Therefor authentication via PAM fails, when I create a symlink :
> ln -s /etc/pam.d/smtp.opensmtpd /etc/pam.d/smtpd it works fine:
>
Simply "ln -s /etc/pam.d/smtp /etc/pam.d/smtpd" would also be fine after
selecting opensmtpd in alternatives.
[root@fc19-amd64 x86_64]# /usr/sbin/alternatives --set mta
/usr/sbin/sendmail.opensmtpd
[root@fc19-amd64 x86_64]# file /etc/pam.d/smtp
/etc/pam.d/smtp: symbolic link to `/etc/alternatives/mta-pam'
[root@fc19-amd64 x86_64]# file /etc/alternatives/mta-pam
/etc/alternatives/mta-pam: symbolic link to `/etc/pam.d/smtp.opensmtpd'
---
wbr, Denis.
