[CentOS] Pam problems

Thu Feb 23 21:10:22 UTC 2012
Steve Campbell <campbell at cnpapers.com>


On 2/23/2012 3:57 PM, Les Mikesell wrote:
> On Thu, Feb 23, 2012 at 2:20 PM, Steve Campbell<campbell at cnpapers.com>  wrote:
>>> On a 6.x system with dovecot and sendmail,  /etc/pam.d/smtp is a
>>> symlink.  I haven't tracked down the significance.
>> It appears it's just a basic pam file but instead of system-auth, it has
>> password-auth.
> System-auth was normal in 5.x, 6.x should have password-auth in most
> or all of the same places.  And since you mentioned something about
> pam_stack earlier, that might be from 3.x, replaced by proper
> 'include' now.
>
>> Correct again. Apparently, since sendmail is the secondary choice for
>> MTA and dovecot is to work with postfix, nothing about my setup now is
>> standard or default except for dovecot.
> A yum-installed sendmail should be 'standard enough' if you haven't
> done something like dropping a Centos 3.x sendmail.mc on top of the
> new one.
>
>> Looks like I'm going to have to push postfix into service. It means
>> learning where all the options are, just like in dovecot, and modifying
>> any software that depends on the sendmail package, like MailScanner and
>> who knows what else until I hit it.
> There might be a little safety-in-numbers from other people who don't
> know how to configure sendmail, but that's not really a good reason to
> switch.   If sendmail auth works the way you expect before installing
> dovecot, just rpm -q --list dovecot and figure out which piece is
> breaking things.

I never tested sendmail auth after setting things up. All seemed to be 
fine since sendmail reported all the auth stuff I needed when running 
the sendmail command. This was my fault for not testing this part.

The sendmail cf file was not copied, but most of the parms were 
duplicated in the sendmail.mc file and sendmail was rebuilt. No errors. 
Auth was never working properly since once I put dovecot on, saslauthd 
was scrambled. Unfortunately, I needed the pop and imap server before I 
found out auth was failing.

I can't blame any of the software for the problems I've created. But for 
now, I'm going into learn-postfix-crash mode and hope it'll do better 
for me. I can use the second new server to test with before I bring the 
original new server to it's knees.

What a pain, though.

steve
>