toniotonio | sur une debian
avec les packages testing
Code :
- /etc/pam.d/smtp
- # NOTE(review): presumably the PAM stack that saslauthd (MECHANISMS="pam") consults for the "smtp" service; confirm against the Postfix SASL settings.
- # The pam_mysql lines below embed the database password, so this file should be readable by root only.
- auth required pam_nologin.so
- # Checks the login against the "mailbox" table (columns "username" and "password") of the "postfix" database.
- # crypt=1 tells pam_mysql that the stored passwords are crypt(3) hashes; md5=1 selects MD5-based crypt when the module itself writes a hash.
- # NOTE(review): MD5-crypt is a weak password hash by current standards; verify whether the table can move to a stronger crypt(3) scheme.
- auth required pam_mysql.so user=postfix passwd=xxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
- #auth required pam_unix.so
- auth required pam_env.so # [1]
- # "sufficient": an account accepted by pam_mysql passes without pam_unix being consulted, presumably so that mailbox users need no system account.
- account sufficient pam_mysql.so user=postfix passwd=xxxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
- account required pam_unix.so
|
Code :
- /etc/init.d/saslauthd
- #! /bin/sh
- ### BEGIN INIT INFO
- # Provides: saslauthd
- # Required-Start: $local_fs $remote_fs
- # Required-Stop: $local_fs $remote_fs
- # Default-Start: 2 3 4 5
- # Default-Stop: S 0 1 6
- # Short-Description: saslauthd startup script
- # Description: This script starts the saslauthd daemon. It is
- # configured using the file /etc/default/saslauthd.
- ### END INIT INFO
- # Author: Fabian Fagerholm <fabbe@debian.org>
- #
- # Based on previous work by Dima Barsky.
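# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="SASL Authentication Daemon"
NAME=saslauthd
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS=""
SCRIPTNAME=/etc/init.d/$NAME
FALLBACK_RUN_DIR=/var/run/$NAME
EXIT_ERROR_CODE=1

# Exit if the daemon is not installed
test -x "$DAEMON" || exit 0

# Read configuration variable file if it is present.
# The file is sourced, i.e. executed by this shell with the privileges of
# whoever runs the init script, so it must be writable by root only.
[ -r "/etc/default/$NAME" ] && . "/etc/default/$NAME"

# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Determine run directory and pid file location by looking for an -m option:
# OPTIONS is split into one word per line and sed prints the word that
# follows a bare "-m".
RUN_DIR=$(echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}')
if [ -z "$RUN_DIR" ]; then
  # No run directory defined in defaults file, use fallback
  RUN_DIR=$FALLBACK_RUN_DIR
fi
PIDFILE=$RUN_DIR/saslauthd.pid

# If the daemon is not enabled, give the user a warning and then exit,
# unless we are stopping the daemon.
# Two separate tests replace the obsolescent "-a" operator, whose parsing
# is ambiguous when an operand looks like a test operator.
if [ "$START" != "yes" ] && [ "$1" != "stop" ]; then
  log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
  exit 0
fi

# If no mechanisms are defined, log this and exit
if [ -z "$MECHANISMS" ]; then
  log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
    "not starting $NAME"
  exit $EXIT_ERROR_CODE
fi

# If there are mechanism options defined, prepare them for use with the -O flag
if [ -n "$MECH_OPTIONS" ]; then
  MECH_OPTIONS="-O $MECH_OPTIONS"
fi

# If there is a threads option defined, prepare it for use with the -n flag
if [ -n "$THREADS" ]; then
  THREAD_OPTIONS="-n $THREADS"
fi

# Construct argument string. do_start expands it unquoted, so every
# whitespace-separated word in these variables becomes one daemon argument.
DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"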
-
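#
# Function that creates a directory with the specified
# ownership and permissions
#
# Arguments: $1 = user
#            $2 = group
#            $3 = permissions (octal)
#            $4 = path to directory
# Returns:   the exit status of install, or 1 (nothing created) when a
#            field is missing or the permissions are not octal
#
createdir()
{
  # do_start passes the unquoted fields of a dpkg-statoverride line, so a
  # short or malformed line shows up here as missing arguments.
  if [ "$#" -lt 4 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$4" ]; then
    echo "createdir: expected user, group, permissions and path" >&2
    return 1
  fi
  # The run directory holds the saslauthd socket, so refuse anything that
  # is not a plain octal mode rather than let install interpret it.
  case "$3" in
    '' | *[!0-7]*)
      echo "createdir: permissions '$3' are not octal" >&2
      return 1
      ;;
  esac
  # In the future, use -P/-Z to have SE Linux enhancement.
  # "--" keeps a path that starts with "-" from being read as an option.
  install -d --group="$2" --mode="$3" --owner="$1" -- "$4"
}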
-
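#
# Function that starts the daemon/service
#
do_start()
{
  # Return
  #   0 if daemon has been started
  #   1 if daemon was already running
  #   2 if daemon could not be started

  # Look up the ownership and mode registered for the run directory with
  # dpkg-statoverride. "dir" is assigned on every call, so a value left in
  # the environment can never be handed to createdir.
  dir=$(dpkg-statoverride --list "$RUN_DIR") || dir=""
  # Intentionally unquoted: the override line "user group mode path" has to
  # be split into the four arguments createdir expects.
  test -z "$dir" || createdir $dir

  # --test only checks whether a start would happen; a non-zero status is
  # reported as "already running".
  start-stop-daemon --start --quiet --pidfile "$PIDFILE" --name "$NAME" \
    --exec "$DAEMON" --test > /dev/null \
    || return 1
  # DAEMON_ARGS stays unquoted so that it splits into separate options.
  start-stop-daemon --start --quiet --pidfile "$PIDFILE" --name "$NAME" \
    --exec "$DAEMON" -- $DAEMON_ARGS \
    || return 2
  # Add code here, if necessary, that waits for the process to be ready
  # to handle requests from services started subsequently which depend
  # on this one. As a last resort, sleep for some time.
}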
-
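#
# Function that stops the daemon/service
#
do_stop()
{
  # Return
  #   0 if daemon has been stopped
  #   1 if daemon was already stopped
  #   2 if daemon could not be stopped
  #   other if a failure occurred
  start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
    --pidfile "$PIDFILE" --name "$NAME"
  RETVAL="$?"
  [ "$RETVAL" = 2 ] && return 2
  # Wait for children to finish too if this is a daemon that forks
  # and if the daemon is only ever run from this initscript.
  # If the above conditions are not satisfied then add some other code
  # that waits for the process to drop all resources that could be
  # needed by services started subsequently. A last resort is to
  # sleep for some time.
  # This second pass selects by executable instead of by pid file.
  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
    --exec "$DAEMON"
  [ "$?" = 2 ] && return 2
  # Many daemons don't delete their pidfiles when they exit.
  # Quoted and preceded by "--" so that exactly this one path is removed,
  # even if the configured run directory contains spaces or starts with "-".
  rm -f -- "$PIDFILE"
  return "$RETVAL"
}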
-
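#
# Function that sends a SIGHUP to the daemon/service
#
# Always returns 0, so a failed signal delivery is not reported to the
# caller. The dispatcher below keeps its "reload" branch commented out,
# so nothing in this script calls the function.
#
do_reload() {
  #
  # If the daemon can reload its configuration without
  # restarting (for example, when it is sent a SIGHUP),
  # then implement that here.
  #
  # Quoted so that a pid file path containing spaces stays one argument.
  start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" \
    --name "$NAME"
  return 0
}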
-
# Dispatch on the action given as the first argument. Progress messages
# for start and stop are printed only when VERBOSE is not "no".
case "$1" in
  start)
    if [ "$VERBOSE" != no ]; then
      log_daemon_msg "Starting $DESC" "$NAME"
    fi
    do_start
    case "$?" in
      0)
        if [ "$VERBOSE" != no ]; then log_end_msg 0; fi
        ;;
      1)
        if [ "$VERBOSE" != no ]; then
          log_progress_msg "(already running)" && log_end_msg 0
        fi
        ;;
      2)
        if [ "$VERBOSE" != no ]; then log_end_msg 1; fi
        ;;
    esac
    ;;
  stop)
    if [ "$VERBOSE" != no ]; then
      log_daemon_msg "Stopping $DESC" "$NAME"
    fi
    do_stop
    case "$?" in
      0)
        if [ "$VERBOSE" != no ]; then log_end_msg 0; fi
        ;;
      1)
        if [ "$VERBOSE" != no ]; then
          log_progress_msg "(not running)" && log_end_msg 0
        fi
        ;;
      2)
        if [ "$VERBOSE" != no ]; then log_end_msg 1; fi
        ;;
    esac
    ;;
  #reload|force-reload)
    #
    # If do_reload() is not implemented then leave this commented out
    # and leave 'force-reload' as an alias for 'restart'.
    #
    #log_daemon_msg "Reloading $DESC" "$NAME"
    #do_reload
    #log_end_msg $?
    #;;
  restart|force-reload)
    #
    # If the "reload" option is implemented then remove the
    # 'force-reload' alias
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        # Stopped, or was not running: bring the daemon up again.
        do_start
        case "$?" in
          0) log_end_msg 0 ;;
          # 1: old process is still running; anything else: failed to start
          *) log_end_msg 1 ;;
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    exit 3
    ;;
esac

# The script ends on ":", so every action that falls out of the case
# statement leaves exit status 0; a failed start or stop is visible only
# in the log_end_msg output, not in the exit status.
:
|
Code :
- /etc/default/saslauthd
#
# saslauthd daemon settings, sourced by /etc/init.d/saslauthd
#

# Start saslauthd automatically at boot? (default: no)
START="yes"

# Authentication mechanism saslauthd should use (default: pam).
#
# Mechanisms available in this Debian package:
#   getpwent  -- use the getpwent() library function
#   kerberos5 -- use Kerberos 5
#   pam       -- use PAM
#   rimap     -- use a remote IMAP server
#   shadow    -- use the local shadow password file
#   sasldb    -- use the local sasldb database file
#   ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one mechanism may be used at a time; see the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Extra options for the chosen mechanism (default: none).
# The saslauthd man page describes the mech-specific options.
MECH_OPTIONS=""

# Number of saslauthd processes to run (default: 5).
# A value of 0 will fork a new process for each connection.
THREADS="5"

# Other options (default: -c); see the saslauthd man page.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
#
# Here: -c enables the credential cache, -r passes the login to the
# mechanism as user@realm, and -m puts the run directory inside the
# Postfix chroot; the init script derives its pid file path from the
# word that follows -m.
# NOTE(review): with -c a cached login may still be accepted for a while
# after the password changes in the backend; confirm the cache timeout
# is acceptable.
OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"
|
saslauthd
---------
Using saslauthd with Postfix:
If you run a chrooted server such as Postfix and wish to use saslauthd, you
must place the saslauthd socket ("mux") inside the Postfix chroot. You must
also set correct overrides for the run directory inside the chroot, using
dpkg-statoverride. Finally, you must add the postfix user to the sasl group.
These steps ensure that the Debian subsystems know how you want things to be
laid out.
To place the saslauthd socket inside the Postfix chroot, edit
/etc/default/saslauthd and set OPTIONS like this (you may omit -c):
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
To set the run directory using dpkg-statoverride, run this command as root:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
Finally, to add the postfix user to the sasl group:
adduser postfix sasl
The init script will automatically create the run directory with the
permissions you have set using dpkg-statoverride. Please note that you must
also configure Postfix correctly. There are many options related to SASL. See
the Postfix documentation for how to do this.
-- Fabian Fagerholm <fabbe@debian.org>, Tue, 14 Nov 2006 14:21:50 +0200
|