diff options
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/README.txt | 13 | ||||
-rw-r--r-- | contrib/pam-pwdfile.spec | 44 | ||||
-rw-r--r-- | contrib/warwick_duncan-cyrus_without_system_accounts.txt | 49 |
3 files changed, 0 insertions, 106 deletions
diff --git a/contrib/README.txt b/contrib/README.txt deleted file mode 100644 index 1c0f886..0000000 --- a/contrib/README.txt +++ /dev/null @@ -1,13 +0,0 @@ -* Makefile.standalone-0.95 and pam-pwdfile.spec were contributed by Jason F. - McBrayer <jason@xeran.com>. You can use these for building RPMs of - pam_pwdfile; you should also be able to use the Makefile to build - pam_pwdfile on other platforms _without_ the Linux-PAM hierarchy. - -* warwick_duncan-cyrus_without_system_accounts.txt is a short explanation by - Warwick Duncan on how to get Cyrus IMAPD + pam_pwdfile to work WITHOUT - having to create system accounts for IMAPD users. - -* Makefile.standalone was contributed by Gerald Richter and should be more - up to date than Makefile.standalone-0.95. The primary difference is that - Gerald's Makefile also takes into account the new md5 code. - diff --git a/contrib/pam-pwdfile.spec b/contrib/pam-pwdfile.spec deleted file mode 100644 index cbcd88a..0000000 --- a/contrib/pam-pwdfile.spec +++ /dev/null @@ -1,44 +0,0 @@ -%define nam pam-pwdfile -%define ver 0.95 -%define prefix /usr -%define docdir %{prefix}/doc/%{nam}-%{ver} - -%define installer /usr/bin/install - -Summary: A PAM module that allows users to authenticate on htpasswd-type files separate from /etc/passwd. -Name: pam-pwdfile -Version: %{ver} -Release: 1 -Copyright: LGPL -Group: System Environment/Base -Source0: %{nam}-%{ver}.tar.gz -Source1: pam-pwdfile-Makefile.standalone -URL: http://cpbotha.net/pam_pwdfile.html -Distribution: Xeran Internal Packages -Vendor: Xeran Technologies -Packager: Jason F. McBrayer <jason@xeran.com> -BuildRoot: /var/tmp/%{nam}-%{ver}-root -BuildPrereq: pam -Requires: pam - -%description -This pam module can be used for the authentication service only, in cases -where one wants to use a different set of passwords than those in the main -system password database. E.g. in our case we have an imap server running, -and prefer to keep the imap passwords different from the system passwords -for security reasons. - -%prep -%setup -cp $RPM_SOURCE_DIR/pam-pwdfile-Makefile.standalone $RPM_BUILD_DIR/%{nam}-%{ver}/Makefile.standalone - -%build -make -f Makefile.standalone - -%install -make -f Makefile.standalone PAM_LIB_DIR="$RPM_BUILD_ROOT/lib/security" install - -%files -%attr(0755, root, root) /lib/security/pam_pwdfile.so -%attr(-, root, root) %doc README -%attr(-, root, root) %doc changelog diff --git a/contrib/warwick_duncan-cyrus_without_system_accounts.txt b/contrib/warwick_duncan-cyrus_without_system_accounts.txt deleted file mode 100644 index 0144af1..0000000 --- a/contrib/warwick_duncan-cyrus_without_system_accounts.txt +++ /dev/null @@ -1,49 +0,0 @@ -On Tue, Jan 14, 2003 at 01:06:02AM +0100, Charl P. Botha wrote: -[...] -> ----- Forwarded message from Darren Gibbons ----- -[...] -> It is however possible with certain applications patched for pam -> (Cyrus IMAP server e.g.) that one does not need the users to -> exist in the system database. -[...] - -I've got it working with cyrus 2.0 and 2.1, so I'll give some pointers -on both. When I say `cyrus x' I mean cyrus imapd version x and -whichever version of sasl you need with it. - -Cyrus 2.0 ---------- - -- sasl must be configured with `--with-pam --enable-plain'; it doesn't - hurt to add `--disable cram --disable-digest' -- imapd must be configured with `--with-auth=unix' (sounds like you got - that right) -- in imapd.conf you need the line - sasl_pwcheck_method: PAM -- in /etc/pam.d/imap (on FreeBSD I believe you use /etc/pam.conf, but - the idea is similar) you need - auth required pam_pwdfile.so pwdfile /path/to/passwordfile - account required pam_permit.so -- make sure your password file is readable by user cyrus - -The idea of all this is to use the SASL PLAIN mechanism to get the -password in plaintext and then get SASL to leave the authentication to -PAM, which will use pam_pwdfile. - -Cyrus 2.1 ---------- - -- same as above, but different ;) in the details -- sasl must be configured with `--with-pam --with-saslauthd - --enable-plain' and I disable the rest (checkapop, digest, otp, krb4, - etc.) -- imapd should be configured with `--with-auth=unix' -- in imapd.conf you need the line - sasl_pwcheck_method: saslauthd -- start up saslauthd with `saslauthd -a pam' -- you need the /etc/pam.d/imap as above, as well as (an identical) - /etc/pam.d/sieve if you use timsieved - -I think that about covers it. One tricky bit with SASL is to get the -right mechanisms advertised; I do this by only compiling in support for -PLAIN and LOGIN. If the rest don't exist they can't cause problems. |