Red Hat Bugzilla – Bug 113975
posfix 2.0.16-2 provides /etc/sysconfig/saslauthd, which it should not be providing
Last modified: 2007-03-27 00:13:41 EDT
Description of problem: The postfix package provides /etc/sysconfig/saslauthd, which it should not be providing. Version-Release number of selected component (if applicable): 2.0.16-2 How reproducible: Always Steps to Reproduce: 1. Install postfix-2.0.16-2. 2. Run "rpm -qf /etc/sysconfig/saslauthd". Actual results: postfix-2.0.16-2 The configuration overrides the default mechanism (shadow, set as the default in /etc/init.d/saslauthd) with "pam". Expected results: The file should not be there. If it exists, it should be created by the system administrator. Additional info: In a default configuration, the "pam" mechanism is going to end up having the same effect as "shadow", but without the extra layers of abstraction. The "pam" mechanism support in saslauthd uses the SASL application name as the PAM service used, so changing this adds a the PAM configuration file as a requirement for little benefit.
I thought the process worked like this, you can tell me if I have a misunderstanding or why my reasoning is not valid. Authentication preferences are controlled by PAM. Thus a system administrator can go to one well known place (e.g. /etc/pam.d) and set the authentication for a variety of services. Also because of the way PAM can "chain" together configurations you can build heirarchies and pick up defaults. One of the possibilities PAM offers is shadow. Thus the configuration Postfix provides says "let the centralized authentication service be consulted on how to authenticate" and if the sys admin wants shadow for smtp they get it, or if thats the system wide default they get it. If saslauthd specifies "shadow" aren't we bypassing the centralized authentication configuration we are encouraging sys admins to use?
*** Bug 114868 has been marked as a duplicate of this bug. ***
config file installed by postfix is now removed in RHEL 3 Update 2 and FC2. Closing.