[CentOS] Pam problems

Thu Feb 23 17:18:38 UTC 2012
Steve Campbell <campbell at cnpapers.com>


On 2/23/2012 11:55 AM, Les Mikesell wrote:
> On Thu, Feb 23, 2012 at 10:39 AM,<me at tdiehl.org>  wrote:
>>>> Seems I've found that dovecot is handling the auth for smtp, and it
>>>> doesn't like sendmail very much since their documentation avoids
>>>> sendmail like the plague.
>> The Dovecot developer is a smart dude. :-)
>>
>>> None of that makes any sense.  Dovecot should have nothing to do with
>>> smtp, so of course it doesn't have anything about sendmail in its
>>> documentation other than adding its local delivery agent which should
>>> be their only interaction and you probably don't even need to use
>>> that.
>> Actually it might. Dovecot can do the sasl auth part. I have not touched
>> sendmail in at least 10 years, so I do not know anything about the current
>> default sendmail config but I know dovecot sasl auth is easier to config
>> for postfix (5 lines in the postfix main.cf IIRC).
>>
>> I suppose it is possible that RH switched sendmail to user dovecot sasl
>> in their default config.
> Sendmail is infinitely configurable, but I don't see any uncommented
> Auth schemes in the stock sendmail.mc and the smtp-sendmail file in
> pam.d just invokes 'system-auth' on 5.x and 'password-auth' on 6.x,
> like most of the other things.  Something else must be going on here.

Seems that I've gotten myself into a war over on the dovecot forums. Not 
what I intended to do, but when using sendmail with dovecot, it  appears 
that dovecot auth takes over what sasl auth used to do.

Pretty much over there uses postfix and postfix supports dovecot auth. 
sendmail doesn't. I don't know how to separate the auth stuff.

I agree with you concerning the pam files being pretty simple. If I turn 
off dovecot and try and connect to port 587, I get nothing including no 
return. If I turn on dovecot, I get dovecot auth failures in my secure 
logs. Sort of tells me that dovecot is taking over the auth processes 
from sasl. I could be wrong.

steve
>