Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 16:24:08 +0100
  • Message-id: <200403101624.08322.lists@xxxxxxxxxxxxxx>
Am Mittwoch, 10. März 2004 16:09 schrieb Andreas Winkelmann:
> Am Mittwoch, 10. März 2004 16:02 schrieb Markus Feilner:
> > > > But: saslauthd uses User/Password combinations from sasldb.
> > > > Why?
> > >
> > > No. saslauthd and sasldb are two diffrent things.
> >
> > OK. I believe you.
> > But it does not behave as i want to:
> > I have sytem user xxx with password yyy (pam) and saslaccount xxx
> > with password zzz in sasldb.
> > Why can this user only send (smtp) and recieve mail (imap) when he
> > enters his sasldb password zzz, even though the setup of saslauthd
> > is configured for pam? saslauthd is obviously using pam because
> > only PLAIN and LOGIN are allowed, trying other methods creates
> > errors. When I give my mail client the user data from the pam
> > account user=xxx password=yyy, i get "SASL PLAIN authentication
> > failed".
>
> I think there happens the "fallback" from Cyrus-SASL. If it does not
> find the smtpd.conf the default is to use "auxprop" which uses
> "sasldb". Another thing can be, if you are offering mechs which
> cannot be handled by saslauthd, for example "cram-md5" or
> "digest-md5" then Cyrus-SASL uses sasldb even though saslauthd is
> configured.
>
> Start saslauthd with "-d -a pam", then it prints some
> debugging-informations. Try to authenticate and check the output.
>
> --
> Andreas
OK, I didn't know about the fallback!
I'll try that tomorrow and back you feed ;-)
Thanks again for your great help - i feel like understanding much more
now.

--
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

< Previous Next >