Am Donnerstag, 11. März 2004 18:00 schrieb Andreas Winkelmann:
Am Donnerstag, 11. März 2004 17:03 schrieb Stephan Holl:
Many thanks to Andreas Winkelmann who walked me through many possibilities (was off-list) - I would have stopped far earlier.
Hope that helps. But beware, you DONT WANT TO HAVE /etc/shadow o+r !
Moving postfix/smtpd into the shadow group may solve the problem better but is another security risk by itself. The page above however presents another alternative (pwcheck) so not all is lost. At least, one mystery is solved.
Jumping in here I would like to know how the pwcheck-method works... My suse 8.1 does not provide such a daemon, (or I did not search hard enough :-))
If anybody at this list did a successful setup with postfix / pwcheck on suse8.1 could give me a hint ?!
"pwcheck" is another daemon. But it is not included in Suse-8.1. If you really want to use it, you have to build sasl at yourself. Or the best install a actual version (2.1.18 is out) and use saslauthd if you want to use pam.
-- Andreas Hello again, ;-) I managed finally! I did not have to change permissions on /etc/shadow, but i had to add /etc/pam.d/imap and /etc/pam.d/pop files. Therefore saslauthd failed and kept falling back to sasldb. Thanks Andreas and others!!!! Now i have: postfix using the following /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: plain login and /etc/imapd.conf: ... sasl_pwcheck_method: saslauthd ... (some tls definitions) and /etc/sysconfig/saslauthd: SASLAUTHD_AUTHMECH=pam
and /etc/pam.d/smtp: auth required pam_permit.so account required pam_permit.so session required pam_permit.so password required pam_permit.so and the same for /etc/pam.d/imap and /etc/pam.d/pop Now smtp, imap and pop work - with: smtp: tls+plain pop: ssl+plain imap:tls+"einfacher text" -Whatever that means... Can i make that more secure? I know that sasl->PAM won't work with md5, but how can i make my setup safer? Or would you say this is enough? I am a little bit sceptical... (With sasldb2 i can setup tls+md5 for smtp and imap.) Thanks !!! -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net