add an example PAM file for saslauthd and pwcheck_pam daemons

update the Sendmail.README file to include instructions for
	 using the security/cyrus-sasl2 port.

PR:		42153
Submitted by:	maintainer

security/cyrus-sasl/Makefile

@@ -42,7 +42,7 @@ MAN3=		sasl.3 sasl_authorize_t.3 sasl_callbacks.3 sasl_checkpass.3 \
 		sasl_listmech.3 sasl_log_t.3 sasl_server_init.3 \
 		sasl_server_new.3 sasl_server_start.3 sasl_server_step.3 \
 		sasl_setprop.3 sasl_usererr.3
-MAN8=		sasldblistusers.8 saslpasswd.8 saslauthd.8
+MAN8=		sasldblistusers.8 saslpasswd.8 saslauthd1.8
 
 USE_AUTOMAKE_VER=14
 USE_LIBTOOL=	YES
@@ -99,6 +99,7 @@ PLIST_SUB=	PREFIX=${PREFIX} \
 		GSSAPI=${GSSAPI} \
 		EBONES=${EBONES} \
 		DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
+		EXAMPLESDIR=${EXAMPLESDIR:S/^${PREFIX}\///}
 
 LDAP_MYSQL_PATCH=	ldap-mysql_sasl-${PORTVERSION}/sasl-ldap+mysql.patch
 
@@ -150,11 +151,21 @@ pre-install:
 	@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
 	@if [ -f ${PREFIX}/sbin/saslauthd ]; then \
 		mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
+		if [ -f ${PREFIX}/man/man8/saslauthd.8 ]; then \
+			mv ${PREFIX}/man/man8/saslauthd.8 \
+			   ${PREFIX}/man/man8/saslauthd2.8; \
+		elif [ -f ${PREFIX}/man/man8/saslauthd.8.gz ]; then \
+			mv ${PREFIX}/man/man8/saslauthd.8.gz \
+			   ${PREFIX}/man/man8/saslauthd2.8.gz; \
+		fi; \
 	fi
 
 post-install:
 	@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${PWCHECK_SUB} \
 		${FILESDIR}/pwcheck.sh > ${PREFIX}/etc/rc.d/pwcheck.sh
+	@${MKDIR} ${EXAMPLESDIR}
+	@${SED} -e 's;%%PREFIX%%;${PREFIX};g' \
+		${FILESDIR}/cyrus.pam > ${EXAMPLESDIR}/cyrus.pam
 	@${CHMOD} 755 ${PREFIX}/etc/rc.d/pwcheck.sh
 	${INSTALL} -d -m 770 -o cyrus -g cyrus /var/pwcheck
 	@${SED} -e "s;%%PREFIX%%;${PREFIX};g" ${SASLAUTHD_SUB} \
@@ -174,8 +185,16 @@ post-install:
 	@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
 .endif
 	@mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
+	@mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8
 	@if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \
 		mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
+		if [ -f ${PREFIX}/man/man8/saslauthd2.8 ]; then \
+			mv ${PREFIX}/man/man8/saslauthd2.8 \
+			   ${PREFIX}/man/man8/saslauthd.8; \
+		elif [ -f ${PREFIX}/man/man8/saslauthd2.8.gz ]; then \
+			mv ${PREFIX}/man/man8/saslauthd2.8.gz \
+			   ${PREFIX}/man/man8/saslauthd.8.gz; \
+		fi; \
 	fi
 	@PKG_PREFIX=${PREFIX} BATCH=${BATCH} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 	@${CAT} ${PKGMESSAGE}

security/cyrus-sasl/files/Sendmail.README

@@ -7,14 +7,25 @@ How to enable SMTP AUTH with FreeBSD default Sendmail
     SENDMAIL_LDFLAGS+=	-L/usr/local/lib
     SENDMAIL_LDADD+=	-lsasl
 
-    NOTE: Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
+    NOTE: 1. Sendmail 8.10 - 8.11 needS -D_FFR_UNSAFE_SASL added
           to SENDMAIL_CFLAGS, if you need the GroupReadableSASLFile option
 
+    Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2
+    port.  Then you will not need the SASL V1 port installed.
+
+    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
+    SENDMAIL_LDFLAGS=-L/usr/local/lib
+    SENDMAIL_LDADD=-lsasl2
+
+
 2) Rebuild FreeBSD (make buildworld, ...)
 
-3) Create /usr/local/lib/sasl/Sendmail.conf with the following.
+3) Make sure that the pwcheck_method is correct in Sendmail.conf.
 
-   pwcheck_method: pwcheck
+   Sendmail.conf (${PREFIX}/lib/sasl{,2}/Sendmail.conf) is created by
+   the cyrus-sasl and cyrus-sasl2 ports during installation.  It may have
+   pwcheck_method set to either pwcheck (V1 only) or saslauthd (V1 & V2) by
+   default.  Change this to what is appropriate for your site.
 
 4) Add the following to your sendmail.mc file:
 
@@ -44,7 +55,8 @@ How to enable SMTP AUTH with FreeBSD default Sendmail
 
    PLAIN is required for Netscape Communicator users.  By default Netscape
    Communicator will use SASL Authentication when sendmail is compiled with
-   SASL.
+   SASL and will cause your users to enter their passwords each time they
+   retreive their mail (NS 4.7).
 
    The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
    are using cyrus-imapd and sendmail on the same server that requires access

security/cyrus-sasl/files/cyrus.pam

@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "cyrus" service
+# Copy this file to /etc/pam.d/cyrus
+#
+
+# auth
+#auth		required	pam_nologin.so	no_warn
+#auth		sufficient	%%PREFIX%%/lib/pam_ldap.so	nowarn
+#auth		sufficient	pam_opie.so	no_warn no_fake_prompts
+#auth		requisite	pam_opieaccess.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
+
+# account
+#account		sufficient	%%PREFIX%%/lib/pam_ldap.so
+account		required	pam_unix.so

security/cyrus-sasl/pkg-plist

@@ -43,6 +43,7 @@ sbin/saslpasswd
 sbin/pwcheck
 sbin/pwcheck_pam
 sbin/saslauthd1
+%%EXAMPLESDIR%%/cyrus.pam
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/ClientFactory.class
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericClient.class
 %%JAVASASL%%share/java/classes/sasl/CyrusSasl/GenericCommon.class
@@ -90,17 +91,18 @@ sbin/saslauthd1
 %%JAVASASL%%@dirrm share/java/classes/sasl/javax
 %%JAVASASL%%@dirrm share/java/classes/sasl/CyrusSasl
 %%JAVASASL%%@dirrm share/java/classes/sasl
+@dirrm %%EXAMPLESDIR%%
 @dirrm lib/sasl
 @cwd /var
 @exec install -d -m 770 -o cyrus -g cyrus %D/pwcheck
-@comment This file gets created by the pwcheck program
+@comment This file is created by the pwcheck program
 @unexec rm -f %D/pwcheck/pwcheck
 @dirrm pwcheck
 @mode ug=rwx,o=
 @exec mkdir -p /var/state/saslauthd1
 @exec chown -R cyrus:cyrus state
 @exec chmod -R o= state
-@comment This file gets created by the state/saslauthd program
+@comment These files are created by the saslauthd program
 @unexec rm -fr /var/state/saslauthd1
 @unexec rmdir /var/state
 @cwd %%PREFIX%%