/etc/sasl

Patrick Ben Koetter p at state-of-mind.de
Fri Jan 11 22:40:04 UTC 2008


* Ross Boylan <ross at biostat.ucsf.edu>:
> On Fri, 2008-01-11 at 12:13 +0200, Fabian Fagerholm wrote:
> > On Thu, 2008-01-10 at 14:23 -0500, Ross Boylan wrote:
> > > I see the library is compiled --with-configdir=/etc/sasl:/usr/lib/sasl2.
> > > However, there is no /etc/sasl directory on my system.
> > > 
> > > Is this deliberate?  an oversight?
> > 
> > It's deliberate. We could create it, but as Roberto said, we don't put
> > anything in there by default. It could be confusing to have it there.
> I was confused by its absence.  I thought the FHS was that config files
> went in /etc.  I ended up putting the file in /usr/lib/sasl2 to see if
> that was my problem (it wasn't).  My backups don't usually cover /usr
> outside of /usr/local, so they will miss that file unless I stick in an
> exception.

I was confused too back in the days when I started using Cyrus SASL 1.5.x that
configuration files should go into /usr/lib/sasl. When Cyrus SASL major
version 2.x came they added /usr/lib/sasl2, which didn't make it any easier,
since all files are installed to /usr/local/lib/sasl2 by default and people
who installed from the sources usually didn't create a symlink to
/usr/lib/sasl2.

Versions up to Cyrus SASL 2.1.21 use /usr/lib/sasl2 to store any SASL-related
file - libraries, drivers, configuration files.

This has annoyed many people, including you as your reference to FHS indicates
to me, but reactions have been different.

The Debian Postfix package, for example, patches Postfix to tell libsasl that
configuration files can be found in /etc/postfix/sasl.

In my personal opinion this is the wrong approach, as it fixes the effect, but
not the cause.

Cyrus SASL is an authentication framework. Just as PAM, it should have a
central directory where any configuration file configuring a service should be
placed. FHS foresees directories or files beneath /etc/ for this.

When development for 2.1.22 began I got in contact with Alexey Melnikov, one
of the Cyrus SASL developers, and started a discussion on a configurable 
$config_directory and I pointed him to a Gentoo patch and told him about other
distributions that had begun to patch applications for a better config path.

Long story made short: Alexey made the path configurable and now the way is open
for package developers to agree on a new, more FHS way of storing application
specific configuration files.

IIRC RedHat already ships RHEL 5.1 with /etc/sasl2. We'll see how this ends.
Having configuration in /usr/lib/sasl2, /usr/lib64/sasl2 (I've seen that too) or
/var/lib/sasl2 (Mandriva?) or associated with an application's configuration
directory is IMHO not the way any UNIX system leaning towards FHS should do it.

I personally think /etc/sasl is a good place.

p at rick

> Creating an empty directory is a bit weird, though a number of packages
> do so under /usr/local.  I guess /usr/local/lib/sasl2 could be an
> alternative.  Also, a little README could go in the otherwise empty
> directory explaining what's going on.
> 
> Finally, if you decide to go with /etc, /etc/sasl2 might be more
> consistent.  Now that I understand /etc/sasl is an historical vestige, I
> see why it's sasl not sasl2.
> 
> > The history, as far as I know, is that it is an old default from the
> > 2.1.x series (for example, SASL configuration for Postfix used to be
> > placed there) but nowadays, it doesn't work like that (for example, the
> > Postfix SASL configuration now lives in /etc/postfix/sasl).
> > Specifically, upstream changed the default behaviour in April 2006 to
> > search /usr/lib/sasl2 primarily, but we got a load of bug reports from
> > Postfix users who were utterly confused.
> > 
> > So the --with-configdir is like that for backwards compatibility with
> > earlier Debian systems, but for new installations, I don't think it's
> > needed. (And if it is, for some specific system, better let the sysadmin
> > create and manage it.)
> [snip stuff about exim--message to follow]
> Ross
> 
> 
> _______________________________________________
> Pkg-cyrus-sasl2-debian-devel mailing list
> Pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-sasl2-debian-devel