postfix currently installs /etc/sasl2/smtpd.conf, but it should create a symlink to it in /usr/lib/sasl2, otherwise saslauthd won't see it.
    dosym /etc/sasl2/smtpd.conf /usr/lib/sasl2/smtpd.conf
sasl is (or should be) compiled to look in /etc/sasl2 for its configs. I know cyrus-sasl-2.0.17 does this, I am not sure about prior versions. Will look unless someone beats me to it.
Max I can confirm that postfix won't send mail without this link in place. /me shrugs.
postfix 2.0.19 breaks sasl authentication for smtp. I'm currently using cyrus-sasl 2.1.14. The fix for this is discussed here: http://forums.gentoo.org/viewtopic.php?t=136548&highlight=sasl+login+authentication+failed
Basically, it is missing the symlink, which is resolved by this:
    # ln -s /etc/sasl2/smtpd.conf /usr/lib/sasl2/smtpd.conf
    # postfix reload
Any chance you folks can try sasl 2.0.18? I know this is fixed there.
I'll chime in, too: postfix-2.0.19/cyrus-sasl-2.1.14-r1 is definitely still looking for the sasl config at /usr/lib/sasl2/smtpd.conf. This smacks of an upstream bug, because the ebuild looks like it sends the "--with-configdir" to ./configure correctly. The good news is that 2.1.18 appears to fix it (probably got fixed somewhere in between, but I didn't check which version). I've bumped up to 2.1.18 and sasl now seems to be happy with the config at /etc/sasl2/smtpd.conf.

A CAVEAT FOR ANYONE DECIDING TO UPGRADE: I mention this here because many of you experiencing this bug will probably decide to skip it by just upgrading. At some point between 2.1.14 and 2.1.18, they changed the syntax slightly (mysql and postgres have now been abstracted into a single auxprop plugin). Very simple, but you have to make the change.

Example. If your smtpd.conf previously resembled:

    pwcheck_method: auxprop
    auxprop_plugin: mysql
    mysql_user: DBUSER
    mysql_passwd: PASSWORD
    mysql_hostnames: 127.0.0.1
    mysql_database: YOURDB
    mysql_statement: select WHATEVER from WHEREVER

then it should now look like:

    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: mysql
    sql_user: DBUSER
    sql_passwd: PASSWORD
    sql_hostnames: 127.0.0.1
    sql_database: YOURDB
    sql_select: select WHATEVER from WHEREVER

Note the new name of the auxprop plugin, the new "sql_engine" item, and the changes from mysql_* to sql_*. Similar syntax changes for postgresql users. Don't forget to make similar changes to your SASL IMAP/POP server configs (and anything else using SASL for that matter), too. ;)
Oops...forgot one! The "mysql_statement" config changed names to "sql_select" (there are now also configs for sql_insert and sql_update, which raises interesting possibilities, but I digress).
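The key renames described in the two comments above, as an added example that is not part of the original thread or of cyrus-sasl: a small converter for an old mysql-style smtpd.conf. The function name, the sample file and the mysql_example_extra key are made up for illustration; only the MySQL renames quoted in the thread are handled.

```python
import re

# Key renames taken from the comments above (mysql auxprop -> generic sql auxprop).
RENAMES = {
    "mysql_user": "sql_user",
    "mysql_passwd": "sql_passwd",
    "mysql_hostnames": "sql_hostnames",
    "mysql_database": "sql_database",
    "mysql_statement": "sql_select",
}
LINE = re.compile(r"^(\s*)([A-Za-z0-9_]+)(\s*:\s*)(.*)$")

def migrate_sasl_conf(text):
    """Return (new_text, leftovers): converted config plus unrecognised mysql_* keys."""
    out, leftovers = [], []
    has_engine = re.search(r"^\s*sql_engine\s*:", text, re.M) is not None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            out.append(line)  # comments and blank lines are kept verbatim
            continue
        indent, key, sep, value = m.groups()
        if key == "auxprop_plugin" and value.strip() == "mysql":
            out.append(f"{indent}auxprop_plugin{sep}sql")
            if not has_engine:  # new item required by the abstracted plugin
                out.append(f"{indent}sql_engine{sep}mysql")
                has_engine = True
        elif key in RENAMES:
            out.append(f"{indent}{RENAMES[key]}{sep}{value}")
        else:
            if key.startswith("mysql_"):
                leftovers.append(key)  # not covered by the thread; review by hand
            out.append(line)
    return "\n".join(out) + "\n", leftovers

# Constructed sample input; mysql_example_extra is a made-up key, not a real option.
OLD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: mysql
mysql_user: DBUSER
mysql_passwd: PASSWORD
mysql_hostnames: 127.0.0.1
mysql_database: YOURDB
mysql_statement: select WHATEVER from WHEREVER
mysql_example_extra: 1
"""

if __name__ == "__main__":
    new_conf, todo = migrate_sasl_conf(OLD_CONF)
    print(new_conf + "# review by hand: " + ", ".join(todo))
```

Running the converter on its own output changes nothing, so it is safe to apply to a file that has already been migrated.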
This cyrus upgrade issue has sparked quite a debate at Bug 39497. What I'd like to do is implement this bugfix (symlink in the ebuild) for cyrus-sasl-2.1.15 and maintain that ebuild until something renders it completely unusable. This will allow people who want to continue to use pam_mysql to stay with this library. For the rest (not relevant here), refer to Bug 39497. Thoughts?
I would go ahead and add the patch, but I would also write a short article explaining how, why, and when pam_mysql support will be going away, and submit it to GWN (carlos@gentoo.org). When we do end-of-life pam_mysql I think we should have a short blurb on the front page www.g.o, and I can help w/ that.
I would like to see some comments on why the pam_mysql lib is going away. It is used in the Virtual Mailhosting System with Postfix Guide at http://www.gentoo.org/doc/en/virt-mail-howto.xml in "10. Configuring MySQL Authentication and vhosts". I've tried to get the shadow lib to work, but it appears to be broken. If anybody knows a way around this I would be willing to move away from this method. I'd hate to regress to hash tables after setting up things to work from a MySQL db.
Wendall, please see Bug #39497 for discussion on that subject. P.S. You should switch to auxprop (using a config similar to my earlier comment): A. It's better (fewer middlemen in the authentication path). B. It's less error-prone. C. It's Cyrus' recommended way. D. It works.
This is old. Should be resolved already.