Bug 113975

Summary: posfix 2.0.16-2 provides /etc/sysconfig/saslauthd, which it should not be providing
Product: [Retired] Red Hat Raw Hide Reporter: Nalin Dahyabhai <nalin>
Component: postfixAssignee: John Dennis <jdennis>
Status: CLOSED NEXTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 1.0CC: florin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-02-24 23:14:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nalin Dahyabhai 2004-01-20 21:21:35 UTC
Description of problem:
The postfix package provides /etc/sysconfig/saslauthd, which it should
not be providing.

Version-Release number of selected component (if applicable):
2.0.16-2

How reproducible:
Always

Steps to Reproduce:
1. Install postfix-2.0.16-2.
2. Run "rpm -qf /etc/sysconfig/saslauthd".
  
Actual results:
postfix-2.0.16-2

The configuration overrides the default mechanism (shadow, set as the
default in /etc/init.d/saslauthd) with "pam".

Expected results:
The file should not be there.  If it exists, it should be created by
the system administrator.

Additional info:
In a default configuration, the "pam" mechanism is going to end up
having the same effect as "shadow", but without the extra layers of
abstraction.  The "pam" mechanism support in saslauthd uses the SASL
application name as the PAM service used, so changing this adds a the
PAM configuration file as a requirement for little benefit.

Comment 1 John Dennis 2004-01-20 23:12:42 UTC
I thought the process worked like this, you can tell me if I have a
misunderstanding or why my reasoning is not valid.

Authentication preferences are controlled by PAM. Thus a system
administrator can go to one well known place (e.g. /etc/pam.d) and set
the authentication for a variety of services. Also because of the way
PAM can "chain" together configurations you can build heirarchies and
pick up defaults. One of the possibilities PAM offers is shadow. Thus
the configuration Postfix provides says "let the centralized
authentication service be consulted on how to authenticate" and if the
sys admin wants shadow for smtp they get it, or if thats the system
wide default they get it.

If saslauthd specifies "shadow" aren't we bypassing the centralized
authentication configuration we are encouraging sys admins to use?

Comment 2 John Dennis 2004-02-03 19:46:22 UTC
*** Bug 114868 has been marked as a duplicate of this bug. ***

Comment 3 John Dennis 2004-02-03 20:16:23 UTC
*** Bug 114868 has been marked as a duplicate of this bug. ***

Comment 4 John Dennis 2004-02-24 23:14:34 UTC
config file installed by postfix is now removed in RHEL 3 Update 2 and
FC2. Closing.