FS#50806 - [opensmtpd] No PAM auth in 6.0.0p1-1

Attached to Project: Community Packages
Opened by Johannes Löthberg (demize) - Friday, 16 September 2016, 21:12 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 22 May 2020, 16:49 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Hey,

Could you rebuild opensmtpd 6.0.0p1 with an explicit --with-auth-pam configure flag? Apparently PAM is not enabled by default anymore.
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Friday, 22 May 2020, 16:49 GMT
Reason for closing:  Implemented
Additional comments about closing:  Flag has been added a long time ago.
Comment by Johannes Löthberg (demize) - Tuesday, 29 November 2016, 12:12 GMT
(Marked it as a bug since it's a regression, and the package even still depends on pam, and high since because of this it /will/ break a lot of installations since it's unexpected and unannounced regression.)
Comment by ipp (n8V8r) - Tuesday, 31 July 2018, 13:08 GMT
It appears that [ --with-auth-pam \] is present in 6.0.3p1-2 (https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/opensmtpd) but PAM authentication seems still not be working.

Likely reason is that the service name as parameter is absent from the string. Looking at [ configure ] in the upstream source package the syntax reads [ --with-auth-pam=SERVICE Enable PAM authentication support (default=smtpd) ]

Steps to reproduce:

1. pacman -S openspmtd
2. touch /etc/pam.d/smtpd | printf "auth required pam_unix.so nullok \naccount required pam_unix.so" | tee /etc/pam.d/smtpd > /dev/null
3. make all necessary configuration settings for opensmtpd (there are none though pertaining to PAM)
4. systemctl start smtpd
5. configure mail client with connection details of MTA and governing authentication method (normal password)
5. log into the MTA with a mail client

Expected but not happening : mail client pops up password request for logging into the MTA

Not expected but happening : mail client does not pop password request for logging into the MTA and connects to MTA regardless

Monitoring the MTA logs during the login period of the mail client the absence of PAM authentication is apparent.


Loading...