[CentOS] Pam problems

Thu Feb 23 18:20:20 UTC 2012
Steve Campbell <campbell at cnpapers.com>

On 2/23/2012 12:44 PM, Les Mikesell wrote:
> On Thu, Feb 23, 2012 at 11:18 AM, Steve Campbell<campbell at cnpapers.com>  wrote:
>> Seems that I've gotten myself into a war over on the dovecot forums. Not
>> what I intended to do, but when using sendmail with dovecot, it  appears
>> that dovecot auth takes over what sasl auth used to do.
> You are still not making any sense.  Dovecot doesn't do anything
> directly to sendmail.  If anything like this is happening at all, it
> is in the configurations as shipped by whatever packages you have
> installed, or some local change you have.  Or maybe by the
> slightly-weird 'alternatives' system.  Have you followed all of the
> symlinks that might be involved?

Symlinks? I haven't found any of those yet. All files are real files
>> Pretty much over there uses postfix and postfix supports dovecot auth.
>> sendmail doesn't. I don't know how to separate the auth stuff.
> What does that mean.  And what do you want to happen?
Meant to say pretty much everyone over on the dovecot list must be using 
postfix, which has support for dovecot auth. I'd like to make sendmail 
use cyrus sasl, and I don't really care what auth dovecot uses, but I'm 
guessing it's inflexible so that it probably will use dovecot auth. The 
suggestion to make them the same has been brought up, but all's I want 
to use is the PAM mechanism.
>> I agree with you concerning the pam files being pretty simple. If I turn
>> off dovecot and try and connect to port 587, I get nothing including no
>> return.
> What does 'turn off dovecot' mean?  And did you note the comment in sendmail.mc:
> ' Please remember that saslauthd needs to be running for AUTH'

turn off dovecot means "service dovecot stop" or 
"/etc/rc.d/init.d/dovecot stop". saslauthd is still running and so is 
sendmail. saslauthd is started at boot and I've made sure it really is 
running using ps.
>> If I turn on dovecot, I get dovecot auth failures in my secure
>> logs. Sort of tells me that dovecot is taking over the auth processes
>> from sasl. I could be wrong.
> That would probably be a good thing, since you generally want the same
> people to authenticate the same way for imap and authenticated
> sending.    Why not leave that part alone and focus on fixing it?

Believe me, if I knew where to start looking, I would. As far as 
everything I've looked out, both should be using pam, but the auth file 
for dovecot is a little cryptic to me. My fault, I know, but still I'm 
not finding out a lot about it.

This is a great suggestion, and for the time being, I'll concentrate on 
the auth config file for dovecot.

Sorry to all for sounding so buttish. Don't mean to be that way.

Thanks for all the help so far