Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend - PARTLY SOLVED!
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Fri, 12 Mar 2004 17:36:41 +0100
  • Message-id: <200403121735.35710.lists@xxxxxxxxxxxxxx>
Am Freitag, 12. März 2004 16:49 schrieb Andreas Winkelmann:
> Am Freitag, 12. März 2004 16:25 schrieb Markus Feilner:
> > > > Now smtp, imap and pop work - with:
> > > > smtp: tls+plain
> > > > pop: ssl+plain
> > > > imap:tls+"einfacher text" -Whatever that means...
> > > >
> > > > Can i make that more secure?
> > >
> > > Use a real pam-module.
> >
> > OK. any hints for a working pam- configuration?
> > The suse default /etc/pam.d/smtp does not work here...
>
> What is "default"? pam_unix2?
Ok, my (Backup from the Default) file /etc/pam.d/smtp is:

auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_unix_passwd.so
session required /lib/security/pam_unix_session.so

and same are pop and imap

The errors I get, when I try to send/retrieve mail via the box
POP:
Mar 12 17:13:00 linuxbox pop3d[11665]: starttls: SSLv3 with cipher
RC4-MD5 (128/128 bits new) no authentication
Mar 12 17:13:00 linuxbox pop3d[11665]: could not find password
(...)

IMAP:
Mar 12 17:13:22 linuxbox saslauthd[11588]: do_auth : auth
failure: [user=mfeilner] [service=imap] [realm=] [mech=pam] [reason=PAM
auth error]
Mar 12 17:13:22 linuxbox imapd[11564]: badlogin: fqdn[w.x.y.z] plaintext
mfeilner SASL(-13): authentication failure: checkpass failed
(...)

SMTP:
Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: < unknown[192.168.0.117]:
AUTH PLAIN bWZlaWxuZXIAbWZlaWxuZXIAYWdhZGlyMDM=
Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: smtpd_sasl_authenticate:
sasl_method PLAIN, init_response bWZlaWxuZXIAbWZlaWxuZXIAYWdhZGlyMDM=
Mar 12 17:17:38 linuxbox postfix/smtpd[11685]: smtpd_sasl_authenticate:
decoded initial response mfeilner
Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: warning: SASL
authentication failure: Password verification failed
Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: warning:
unknown[192.168.0.117]: SASL PLAIN authentication failed
Mar 12 17:17:40 linuxbox postfix/smtpd[11685]: > unknown[192.168.0.117]:
535 Error: authentication failed

>
> # postconf smtpd_sasl_local_domain
>
> should be empty.

It is.

>
> > > And force tls/ssl.
> >
> > You mean for pop, right? smtp and imap use it.
> > How can I force That?
>
> Postfix: Look for "smtpd_tls_auth_only = yes" or "smtpd_enforce_tls =
> yes".

It is.
;-)
>
> Hmm, which POP/IMAP-Daemon do you use? I know only Cyrus-IMAP.

Yes.
And i have the two lines in cyrus.conf:

# pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0

Those are the only ones I found concerning pop from the cyrus-imap
package, (of course I have the tls lines in imapd.conf)
> --
> Andreas

--
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

< Previous Next >
Follow Ups