Can't use saslauthd to authenticate both postfix and cyrus due to /var/run/saslauthd being on tmpfs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cyrus-sasl2 (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Binary package hint: sasl2-bin
The problem is quite complex, and has at least 2 easy workarounds. Maybe updating some docs or comments in /etc/default/
Scenario
I've set up a server with users in LDAP. Both postfix and cyrus need to authenticate the users, and using saslauthd you have 2 options:
1) run smtpd without chroot
2) move saslauthd socket from /var/run/saslauthd to /var/spool/
The problem with 1) is that I'd prefer to keep the added security provided by the chroot.
The problem with 2) is that /var/run is in tmpfs, and the softlink doesn't survive a reboot. The 'easy fix' to this is, if a "-m /new/socket/dir" is given to saslauthd, the init script should create a link from the new location to /var/run/saslauthd.
Since this problem is exactly the same as that of syslog(s) not being usable from chroots without an additional listening socket, the "real" fix would be to patch saslauthd to support additional sockets.
Ciao,
Roberto
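The 'easy fix' suggested in the report, sketched as init-script helper functions (an added example, not part of the original report or of the Ubuntu package). The function names are hypothetical, and it assumes the link is meant to live at the default run directory (/var/run/saslauthd in the report) and point at the directory given with -m, so that it is recreated on every start even though /var/run is on tmpfs.

```shell
#!/bin/sh
# Added example: hypothetical helpers for a saslauthd init script.

# Print the directory given to saslauthd with -m, or nothing if -m is absent.
# $1 is the whole option string; both "-m /dir" and "-m/dir" are accepted.
sasl_socket_dir() (
    set -f                 # no globbing while the option string is split
    set -- $1              # deliberate word splitting, as an init script would do
    dir=
    while [ $# -gt 0 ]; do
        case "$1" in
            -m)   dir=${2:-}; break ;;
            -m?*) dir=${1#-m}; break ;;
        esac
        shift
    done
    [ -z "$dir" ] || printf '%s\n' "$dir"
)

# Make $2 (the default run directory) a symlink to $1 (the -m directory).
# Returns 0 when the link is in place or not needed, 1 when it was not created.
link_run_dir() {
    new=$1 run=$2
    [ -n "$new" ] && [ -d "$new" ] || return 1   # the -m directory must exist
    [ "$new" != "$run" ] || return 0             # default location: nothing to do
    if [ -L "$run" ]; then
        rm -f "$run"                             # stale link from an earlier start
    elif [ -e "$run" ]; then
        # Never delete a real directory that still holds a socket or pid file.
        rmdir "$run" 2>/dev/null || return 1
    fi
    ln -s "$new" "$run"
}
```

An init script would call `link_run_dir "$(sasl_socket_dir "$OPTIONS")" /var/run/saslauthd` before starting the daemon, where `OPTIONS` is assumed to be the variable holding the saslauthd command-line options.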
Changed in cyrus-sasl2 (Ubuntu):
status: Invalid → New
status: New → Invalid
This exact problem is reported in #79371. I didn't spot it because the original title is about the PID of saslauthd.