This is an update to ebuild/bug report #263. I have tried to make this version conform more to Gentoo standards, but there are a lot of issues and dependencies. Probably I need some hints. I made this package because I need the cyrus-imap daemon (imap, imaps, pop3, pop3s, sieve), which cannot build without SASL.

This package: SASL - Simple Authentication and Security Layer

SASL is a framework/library which is used by client and server software to authenticate a remote client. SASL is used by cyrus-imapd, sendmail, mutt and others.

SASL has two kinds of authentication mechanism:

1. PLAIN (which uses PAM or the pwcheck daemon). With the PLAIN mechanism you can use existing password databases like /etc/shadow or PAM->ldap or PAM->anything.
2. "Shared secret mechanism" with sasldb: cram, scram and digest. Passwords are stored in unencrypted form in the database files /etc/sasl/sasldb*. Passwords are manipulated with saslpasswd.
3. TODO: kerberos modules and documentation.

The ebuild selects PLAIN->pwcheck (uses /etc/shadow) as the default. I suggest putting this package in dev-libs/...

There are three issues with the library:

1. The Cyrus default configuration path was "/usr/lib/sasl/<program>.conf". To protect configuration files I wrote a patch to change the path to "/etc/sasl/<program>.conf".

2. There is no way to disable authentication modules with configuration files. If a module is present in /usr/lib/sasl then SASL advertises this method to a client. Problem: how can the ebuild manage the active modules when emerge updates this package?

   1. Use USE variables to compile only the desired modules. We need many new entries: sasl-anon, sasl-plain, sasl-cram, sasl-digest, sasl-scram and maybe sasl-kerberos.... That's not a smart solution...
   2. Install the modules to /usr/lib/sasl/disabled/. In pkg_postinst, overwrite the modules which exist in /usr/lib/sasl/.

   I implemented 2. Suggestions?

3. SASL includes a daemon which can be used to check passwords in /etc/shadow. I wrote an init script: /etc/init.d/pwcheck. To use pwcheck, the server software must have access to a unix socket in /var/pwcheck. I use pwcheck as the default mechanism for the cyrus mail server daemons: imap, imaps, pop3, pop3s, sieve, imsp, acap.

   My ebuild executes (suggestion from the cyrus documentation):

       chown cyrus /var/pwcheck
       chmod 700 /var/pwcheck

   Oops, a new user "cyrus" with group "mail" is needed!! /etc/passwd may contain something like:

       cyrus:x:96:12:Cyrus Mail Server:/usr/cyrus:/bin/bash

   SASL works without the cyrus user, but all cyrus daemons need it. I suggest adding user 'cyrus' to the baselayout.

Files in this package:

- cyrus-sasl-1.5.27-r1.ebuild
- README.gentoo
- cyrus-sasl-1.5.27-conf-path-gentoo.diff
- cyrus-sasl-1.5.27-scam.c-gentoo.diff
- pwcheck

Other packages following:

- cyrus-imapd-2.0.16-r1
- cyrus-imspd-1.6.3
Sorry, but file attachment does not work (opera, iexplorer, w3m). I always got the error message "No file was provided, or it was empty." I put the ebuild + patchfiles + readme here:

http://www.vamos.de/files/dev-libs_cyrus-sasl-1.5.27-r1.tar.gz (3kb)

regards
Michael Tartsch
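Added example, not taken from the submitted ebuild or from the Gentoo tree: a sketch of the "install to disabled/, refresh only what is already enabled" approach from the report, so that an upgrade never makes SASL advertise a mechanism the administrator had not enabled. The function names are hypothetical and the directories are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the submitted ebuild). Layout follows the report:
# new builds land in <active>/disabled, enabled modules live in <active>.

# refresh_sasl_modules DISABLED_DIR ACTIVE_DIR   (hypothetical helper)
# Copy a freshly installed module into ACTIVE_DIR only if a regular file of
# the same name is already there. Prints the refreshed names, one per line.
refresh_sasl_modules() {
    disabled_dir=$1
    active_dir=$2
    [ -d "$disabled_dir" ] && [ -d "$active_dir" ] || return 1
    for src in "$disabled_dir"/*; do
        [ -f "$src" ] || continue      # skip an empty glob and subdirectories
        name=${src##*/}
        dst=$active_dir/$name
        # Only refresh modules that are enabled; never write through a symlink.
        [ -f "$dst" ] && [ ! -L "$dst" ] || continue
        # Copy next to the target, then rename, so a failed copy cannot
        # leave a truncated module in the active directory.
        cp -p "$src" "$dst.new" && mv -f "$dst.new" "$dst" || return 1
        printf '%s\n' "$name"
    done
}

# list_active_modules ACTIVE_DIR   (hypothetical helper)
# Per the report, every module file present here is advertised to clients,
# so this listing is what to review after an upgrade.
list_active_modules() {
    for f in "$1"/*; do
        [ -f "$f" ] && printf '%s\n' "${f##*/}"
    done
    return 0
}
```

Called from pkg_postinst as `refresh_sasl_modules /usr/lib/sasl/disabled /usr/lib/sasl`, this leaves newly shipped mechanisms parked in disabled/ until someone copies them over deliberately.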
Arcady, Can you handle these? I'm a bit swamped right now, and these ebuilds require more thought and care than I can give them right now.
*** Bug 263 has been marked as a duplicate of this bug. ***
I checked in a cyrus-sasl package. Thanks for your submission, I even used one of your patches. However, I don't like the way you packaged this, so the ebuild bears little resemblance to your submission, no offense. If you have suggestions, please report them to me. Postfix, for example, is configurable for which authentication methods it will advertise.
I don't know why this bug has been reopened, but I'm punting this to bug-wranglers, since Cyrus with its SASL etc. is outside of my competence and interest. Woodchip may be the right assignee for this bug.