Red Hat Bugzilla – Bug 113975
posfix 2.0.16-2 provides /etc/sysconfig/saslauthd, which it should not be providing
Last modified: 2007-03-27 00:13:41 EDT
Description of problem:
The postfix package provides /etc/sysconfig/saslauthd, which it should
not be providing.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install postfix-2.0.16-2.
2. Run "rpm -qf /etc/sysconfig/saslauthd".
The configuration overrides the default mechanism (shadow, set as the
default in /etc/init.d/saslauthd) with "pam".
The file should not be there. If it exists, it should be created by
the system administrator.
In a default configuration, the "pam" mechanism is going to end up
having the same effect as "shadow", but without the extra layers of
abstraction. The "pam" mechanism support in saslauthd uses the SASL
application name as the PAM service used, so changing this adds a the
PAM configuration file as a requirement for little benefit.
I thought the process worked like this, you can tell me if I have a
misunderstanding or why my reasoning is not valid.
Authentication preferences are controlled by PAM. Thus a system
administrator can go to one well known place (e.g. /etc/pam.d) and set
the authentication for a variety of services. Also because of the way
PAM can "chain" together configurations you can build heirarchies and
pick up defaults. One of the possibilities PAM offers is shadow. Thus
the configuration Postfix provides says "let the centralized
authentication service be consulted on how to authenticate" and if the
sys admin wants shadow for smtp they get it, or if thats the system
wide default they get it.
If saslauthd specifies "shadow" aren't we bypassing the centralized
authentication configuration we are encouraging sys admins to use?
*** Bug 114868 has been marked as a duplicate of this bug. ***
config file installed by postfix is now removed in RHEL 3 Update 2 and