On Wednesday, 10 March 2004 15:34, Andreas Winkelmann wrote:
O.K. I made postfix use SASL auth - by means of the parameters above, it uses saslauthd for authentication. Right?
Yes.
saslauthd is configured to auth against pam. Right?
Yes.
But: saslauthd uses User/Password combinations from sasldb. Why?
No. saslauthd and sasldb are two different things.
OK. I believe you. But it does not behave as I want it to: I have system user xxx with password yyy (pam) and sasl account xxx with password zzz in sasldb. Why can this user only send (smtp) and receive mail (imap) when he enters his sasldb password zzz, even though the setup of saslauthd is configured for pam? saslauthd is obviously using pam because only PLAIN and LOGIN are allowed, trying other methods creates errors. When I give my mail client the user data from the pam account user=xxx password=yyy, I get "SASL PLAIN authentication failed".
Where is my mistake?
(BTW: Why does sasl with PAM only work with PLAIN?)
It works with plain and login.
Sorry, you are right. But I want to understand why I cannot use either of the MD5 methods for that...
To use the *-MD5 mechanisms, Cyrus-SASL needs access to the unencrypted plaintext password. This is based on the algorithms by which these hashes are computed.
The other reason is saslauthd itself. It speaks a protocol where the Lib only asks saslauthd if the password is correct:
Lib -> saslauthd: Is "User","Realm","Password" Ok
saslauthd -> Lib: "Ok" / "Not Ok"
That's all, no way to exchange a password.
OK. I understand. That's why TLS must be sufficient here. Thanks a lot!
-- Andreas
-- Kind regards, Markus Feilner
-- Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS, Erlangerstr. 2, 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@feilner-it.net
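The point made in the thread about PLAIN/LOGIN versus the *-MD5 mechanisms, as an added example that is not part of the original messages: a yes/no verifier can check a password the client sends, but a CRAM-MD5 response can only be recomputed from the secret itself. The class and function names are hypothetical, PBKDF2 stands in for the system's password hash, and the accounts and challenge are constructed sample values.

```python
import hashlib, hmac, os

class VerifyOnlyBackend:
    """Models saslauthd backed by PAM: keeps a one-way hash, answers Ok / Not Ok."""
    def __init__(self, users):
        self._db = {}
        for user, pw in users.items():
            salt = os.urandom(16)
            self._db[user] = (salt, self._kdf(pw, salt))

    @staticmethod
    def _kdf(pw, salt):  # PBKDF2 stands in for the system's password hash
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

    def check(self, user, realm, password):
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

class PlaintextStore:
    """Models sasldb: the SASL library can read the shared secret itself."""
    def __init__(self, users):
        self._pw = dict(users)
    def lookup(self, user):
        return self._pw.get(user)

def client_cram_md5(user, password, challenge):
    # RFC 2195: the client sends HMAC-MD5(key=password, msg=challenge), never the password.
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return user.encode() + b" " + mac.encode()

def server_plain(backend, user, password):
    # PLAIN delivers the password, so it can be forwarded for a yes/no answer.
    return backend.check(user, "", password)

def server_cram_md5(store, challenge, response):
    user, _, mac = response.rpartition(b" ")
    secret = store.lookup(user.decode()) if store else None
    if secret is None:
        return False  # only a verifier available: nothing to recompute the MAC with
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(expected, mac)

CHALLENGE = b"<1896.697170952@mail.example.org>"  # constructed sample challenge
```

Because PLAIN and LOGIN put the password itself on the wire, this arrangement relies on TLS for confidentiality, as the thread concludes.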