Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
AW: AW: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: "Christian Lange" <christian.lange@xxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 15:42:05 +0100
  • Message-id: <20040310144205.DBB6174058@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
You need the corresponding file under /etc/pam.d/ for the service which is
using saslauth(-pam)for authentication - afaik


Chris



> -----Ursprüngliche Nachricht-----
> Von: Markus Feilner [mailto:lists@xxxxxxxxxxxxxx]
> Gesendet: Mittwoch, 10. März 2004 15:21
> An: suse-security
> Betreff: Re: AW: [suse-security] postfix/imap/cyrus-sasl and
> Pam backend
>
> Am Mittwoch, 10. März 2004 13:31 schrieb Christian Lange:
> > Sorry, i assumed you`re using cyrus-imap. My reply was too fast - i
> > should read till the end ...
> >
> > Chris
>
> Hi Chris, Thanks a lot!
> I'm not sure, but I think we got something wrong:
> I am using cyrus-imap - and i have these lines in my imapd.conf.
> Cyrus-imap is successfully authenticating against saslauthd -
> but (see the other tree of this thread) saslauthd is not
> accepting pam authentikation.
> However, Thanks a lot!
>
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Christian Lange
> > > [mailto:christian.lange@xxxxxxxxxxxxxxxxxxxxxxxx]
> > > Gesendet: Mittwoch, 10. März 2004 13:19
> > > An: Suse-Security
> > > Betreff: AW: [suse-security] postfix/imap/cyrus-sasl and Pam
> > > backend
> > >
> > > Hello Markus,
> > >
> > > try
> > >
> > > /etc/imap.conf
> > > .
> > > .
> > > .
> > > sasl_pwcheck_method: saslauthd
> > > .
> > > .
> > >
> > >
> > >
> > >
> > > Be sure, that saslauthd is running.
> > >
> > >
> > > Chris
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Markus Feilner [mailto:lists@xxxxxxxxxxxxxx]
> > > > Gesendet: Mittwoch, 10. März 2004 13:05
> > > > An: suse-security
> > > > Betreff: Re: [suse-security] postfix/imap/cyrus-sasl and Pam
> > > > backend
> > > >
> > > > Am Mittwoch, 10. März 2004 12:20 schrieb sematin@xxxxxxxxx:
> > > > > Hmm! I haven't tried this before but have you looked at:
> > > > >
> > > > > http://www.postfix.org/docs.html
> > > > >
> > > > > There seem to be a number of howtos there that could be
> > > > > relevant.
> > > > >
> > > > > Noah.
> > > >
> > > > Thank You!
> > > > Yes, and they are very good, esp. Patrick Koetter's, but i
> > > > couldn't find anything for pam, only sasldb...
> > > >
> > > > > > -----Original Message-----
> > > > > > From: Markus Feilner [mailto:lists@xxxxxxxxxxxxxx]
> > > > > > Sent: 10 March 2004 14:12
> > > > > > To: Suse-Security
> > > > > > Subject: [suse-security] postfix/imap/cyrus-sasl and Pam
> > > > > > backend
> > > > > >
> > > > > >
> > > > > > Hello List,
> > > > > > I am looking for a site with good information about postfix,
> > > > > > cyrus-sasl (and later kerberos authentikation against Active
> > > > > > Directory). I have postifix and imap running with cyrus
> > >
> > > sasl and
> > >
> > > > > > sasldb, but i did not manage to get it to authenticate
> > >
> > > against pam
> > >
> > > > > > or kerberos.
> > > > > > I have been googling, but i could not find a solution.
> > > > > >
> > > > > > I know that:
> > > > > > - /etc/sysconfig/saslauthd tells saslauthd which
> mech to use.
> > > > > > the entry is: SASLAUTHD_AUTHMECH=pam
> > > > > >
> > > > > > - /usr/lib/sasl2/smtpd.conf
> > > > > > pwcheck_method: saslauthd
> > > > > > mechlist: plain login crammd5 digestmd5
> > > > > >
> > > > > > -/etc/posstfix/main.cf
> > > > > > for testing:
> > > > > > (...)
> > > > > > smtpd_sender_restrictions = permit_sasl_authenticated,
> > > > > > permit_mynetworks, reject smtpd_sasl_auth_enable = yes
> > > > > > smtpd_sasl_security_options = noanonymous
> > >
> > > broken_sasl_auth_clients
> > >
> > > > > > = yes
> > > > > > (...)
> > > > > >
> > > > > > Now: postfix grants all users access based on user/password
> > > > > > kombinations in sasldb - and only those users.
> > >
> > > Shouldn't saslauth
> > >
> > > > > > use the local user/password Kombination?
> > > > > > (BTW: Why does sasl with PAM only work with PLAIN?)
> > > > > >
> > > > > > Thanks a lot!
> > > > > > --
> > > > > > Mit freundlichen Grüßen
> > > > > > Markus Feilner
> > > > > > --
> > > > > > Linux Solutions, Training, Seminare und Workshops -
> > >
> > > auch Inhouse
> > >
> > > > > > Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
> > > > > > fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
> > > > > > web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
> > > > > >
> > > > > > --
> > > > > > Check the headers for your unsubscription address For
> > >
> > > additional
> > >
> > > > > > commands, e-mail: suse-security-help@xxxxxxxx
> > >
> > > Security-related bug
> > >
> > > > > > reports go to security@xxxxxxx, not here
> > > >
> > > > --
> > > > Mit freundlichen Grüßen
> > > > Markus Feilner
> > > > --
> > > > Linux Solutions, Training, Seminare und Workshops - auch Inhouse
> > > > Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
> > > > fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
> > > > web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
> > > >
> > > > --
> > > > Check the headers for your unsubscription address For additional
> > > > commands, e-mail: suse-security-help@xxxxxxxx Security-related
> > > > bug reports go to security@xxxxxxx, not here
> > >
> > > --
> > > Check the headers for your unsubscription address For
> > > additional commands, e-mail: suse-security-help@xxxxxxxx
> > > Security-related bug reports go to security@xxxxxxx, not here
>
> --
> Mit freundlichen Grüßen
> Markus Feilner
> --
> Linux Solutions, Training, Seminare und Workshops - auch Inhouse
> Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
> fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
> web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


< Previous Next >
References