Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Andreas Winkelmann <ml@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 16:09:36 +0100
  • Message-id: <200403101609.36264.ml@xxxxxxxxxxxxxx>
Am Mittwoch, 10. März 2004 16:02 schrieb Markus Feilner:

> > > But: saslauthd uses User/Password combinations from sasldb. Why?
> >
> > No. saslauthd and sasldb are two diffrent things.
>
> OK. I believe you.
> But it does not behave as i want to:
> I have sytem user xxx with password yyy (pam) and saslaccount xxx with
> password zzz in sasldb.
> Why can this user only send (smtp) and recieve mail (imap) when he
> enters his sasldb password zzz, even though the setup of saslauthd is
> configured for pam? saslauthd is obviously using pam because only PLAIN
> and LOGIN are allowed, trying other methods creates errors.
> When I give my mail client the user data from the pam account user=xxx
> password=yyy, i get "SASL PLAIN authentication failed".

I think there happens the "fallback" from Cyrus-SASL. If it does not find the
smtpd.conf the default is to use "auxprop" which uses "sasldb". Another thing
can be, if you are offering mechs which cannot be handled by saslauthd, for
example "cram-md5" or "digest-md5" then Cyrus-SASL uses sasldb even though
saslauthd is configured.

Start saslauthd with "-d -a pam", then it prints some debugging-informations.
Try to authenticate and check the output.

--
Andreas


< Previous Next >