Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 15:45:05 +0100
  • Message-id: <200403101545.05508.lists@xxxxxxxxxxxxxx>
Am Mittwoch, 10. März 2004 15:29 schrieb Serguei Krasnov:
> Markus Feilner wrote:
> >O.K.
> >I made postfix use SASL auth - by the parameters above means, it
> > uses saslauthd for authentikation. Right?
> >saslauthd is configured to auth against pam. Right?
>
> Yes
>
> >But: saslauthd uses User/Password combinations from sasldb. Why?
>
> IMHO, you should create system user (as sample, serg) and add this
> user to sasldb:
> saslpasswd2 -c -u <fhostname> serg
> where <fhostname> is full hostname
>
> Regards, Serguei Krasnov
I did. All those accounts in sasldb can send mail (postfix-sasl-smtp)
and fetch mail (cyrus-imap), if I am authenticating against saslauthd
and sasldb.
But can't I use the (pam) system account with password over tls+sasl?
The funny thing is:
If I tell saslauthd to use pam instead of sasldb, the only difference
is, that i Have to use PLAIN or LOGIN, and diest-MD5 is not working any
longer. that seems correct, but sasldb is still used:
I made some accounts in sasldb for users and gave them different
passwords than the system passwords (pam).
I does not seem to make any difference, whether i tell saslauthd to use
pam or sasldb - it aways uses the passwords from sasldb. The only
difference is that i have to use the unsecure PLAIN or LOGIN method.
What did i do wrong?
--
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

< Previous Next >
Follow Ups