Bug 113975 - posfix 2.0.16-2 provides /etc/sysconfig/saslauthd, which it should not be providing
Summary: posfix 2.0.16-2 provides /etc/sysconfig/saslauthd, which it should not be pro...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: postfix
Version: 1.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: John Dennis
QA Contact: David Lawrence
URL:
Whiteboard:
: 114868 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-01-20 21:21 UTC by Nalin Dahyabhai
Modified: 2007-03-27 04:13 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-02-24 23:14:34 UTC
Embargoed:


Attachments (Terms of Use)

Description Nalin Dahyabhai 2004-01-20 21:21:35 UTC
Description of problem:
The postfix package provides /etc/sysconfig/saslauthd, which it should
not be providing.

Version-Release number of selected component (if applicable):
2.0.16-2

How reproducible:
Always

Steps to Reproduce:
1. Install postfix-2.0.16-2.
2. Run "rpm -qf /etc/sysconfig/saslauthd".
  
Actual results:
postfix-2.0.16-2

The configuration overrides the default mechanism (shadow, set as the
default in /etc/init.d/saslauthd) with "pam".

Expected results:
The file should not be there.  If it exists, it should be created by
the system administrator.

Additional info:
In a default configuration, the "pam" mechanism is going to end up
having the same effect as "shadow", but without the extra layers of
abstraction.  The "pam" mechanism support in saslauthd uses the SASL
application name as the PAM service used, so changing this adds a the
PAM configuration file as a requirement for little benefit.

Comment 1 John Dennis 2004-01-20 23:12:42 UTC
I thought the process worked like this, you can tell me if I have a
misunderstanding or why my reasoning is not valid.

Authentication preferences are controlled by PAM. Thus a system
administrator can go to one well known place (e.g. /etc/pam.d) and set
the authentication for a variety of services. Also because of the way
PAM can "chain" together configurations you can build heirarchies and
pick up defaults. One of the possibilities PAM offers is shadow. Thus
the configuration Postfix provides says "let the centralized
authentication service be consulted on how to authenticate" and if the
sys admin wants shadow for smtp they get it, or if thats the system
wide default they get it.

If saslauthd specifies "shadow" aren't we bypassing the centralized
authentication configuration we are encouraging sys admins to use?

Comment 2 John Dennis 2004-02-03 19:46:22 UTC
*** Bug 114868 has been marked as a duplicate of this bug. ***

Comment 3 John Dennis 2004-02-03 20:16:23 UTC
*** Bug 114868 has been marked as a duplicate of this bug. ***

Comment 4 John Dennis 2004-02-24 23:14:34 UTC
config file installed by postfix is now removed in RHEL 3 Update 2 and
FC2. Closing.


Note You need to log in before you can comment on or make changes to this bug.