Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: SASLAuth - Drop services for `mysql`, `shadow`, `pam` auth mechanisms (#4259)

This commit is contained in:
Brennan Kinney 2024-11-20 17:19:58 +13:00 committed by GitHub
parent 02f1894f74
commit c15354058f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 17 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file. The format
### Breaking
- **saslauthd** mechanism support via ENV `SASLAUTHD_MECHANISMS` with `pam`, `shadow`, `mysql` values has been removed. Only `ldap` and `rimap` remain supported ([#4259](https://github.com/docker-mailserver/docker-mailserver/pull/4259))
- **getmail6** has been refactored: ([#4156](https://github.com/docker-mailserver/docker-mailserver/pull/4156))
- The [DMS config volume](https://docker-mailserver.github.io/docker-mailserver/v15.0/config/advanced/optional-config/#volumes) now has support for `getmailrc_general.cf` for overriding [common default settings](https://docker-mailserver.github.io/docker-mailserver/v15.0/config/advanced/mail-getmail/#common-options). If you previously mounted this config file directly to `/etc/getmailrc_general` you should switch to our config volume support.
- IMAP/POP3 example configs added to our [`config-examples`](https://github.com/docker-mailserver/docker-mailserver/tree/v15.0.0/config-examples/getmail).

22
docs/content/config/environment.md
View File

@ -910,22 +910,26 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### SASLAUTHD_MECHANISMS
- **empty** => pam
- `ldap` => authenticate against ldap server
- `shadow` => authenticate against local user db
- `mysql` => authenticate against mysql db
- `rimap` => authenticate against imap server
- NOTE: can be a list of mechanisms like pam ldap shadow
DMS only implements support for these mechanisms:
- **`ldap`** => Authenticate against an LDAP server
- `rimap` => Authenticate against an IMAP server
##### SASLAUTHD_MECH_OPTIONS
- **empty** => None
- e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
!!! info
With `SASLAUTHD_MECHANISMS=rimap` you need to specify the ip-address / servername of the IMAP server, such as `SASLAUTHD_MECH_OPTIONS=127.0.0.1`.
##### SASLAUTHD_LDAP_SERVER
- **empty** => same as `LDAP_SERVER_HOST`
- Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
- **empty** => Use the same value as `LDAP_SERVER_HOST`
!!! note
You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
##### SASLAUTHD_LDAP_START_TLS

5
target/scripts/startup/variables-stack.sh
View File

@ -182,8 +182,9 @@ function _environment_variables_ldap() {
function _environment_variables_saslauthd() {
_log 'debug' 'Setting SASLAUTHD-related environment variables now'
# Only used by the supervisor service command (upstream default: `/etc/default/saslauthd`)
VARS[SASLAUTHD_MECHANISMS]="${SASLAUTHD_MECHANISMS:=pam}"
# This ENV is only used by the supervisor service config `saslauth.conf`:
# NOTE: `pam` is set as the upstream default in `/etc/default/saslauthd`
VARS[SASLAUTHD_MECHANISMS]="${SASLAUTHD_MECHANISMS:=ldap}"
}
# This function Writes the contents of the `VARS` map (associative array)

28
target/supervisor/conf.d/saslauth.conf
View File

@ -7,24 +7,6 @@ stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/saslauthd -d -a ldap -O /etc/saslauthd.conf
pidfile=/var/run/saslauthd/saslauthd.pid
[program:saslauthd_mysql]
startsecs=0
autostart=false
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/saslauthd -d -a mysql -O "%(ENV_SASLAUTHD_MECH_OPTIONS)s"
pidfile=/var/run/saslauthd/saslauthd.pid
[program:saslauthd_pam]
startsecs=0
autostart=false
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/saslauthd -d -a pam -O "%(ENV_SASLAUTHD_MECH_OPTIONS)s"
pidfile=/var/run/saslauthd/saslauthd.pid
[program:saslauthd_rimap]
startsecs=0
autostart=false
@ -33,13 +15,3 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/saslauthd -d -a rimap -r -O "%(ENV_SASLAUTHD_MECH_OPTIONS)s"
pidfile=/var/run/saslauthd/saslauthd.pid
[program:saslauthd_shadow]
startsecs=0
autostart=false
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/saslauthd -d -a shadow -O "%(ENV_SASLAUTHD_MECH_OPTIONS)s"
pidfile=/var/run/saslauthd/saslauthd.pid