Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: AW: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 15:21:16 +0100
  • Message-id: <200403101521.16561.lists@xxxxxxxxxxxxxx>
Am Mittwoch, 10. März 2004 13:31 schrieb Christian Lange:
> Sorry, i assumed you`re using cyrus-imap. My reply was too fast - i
> should read till the end ...
>
> Chris

Hi Chris, Thanks a lot!
I'm not sure, but I think we got something wrong:
I am using cyrus-imap - and i have these lines in my imapd.conf.
Cyrus-imap is successfully authenticating against saslauthd - but (see
the other tree of this thread) saslauthd is not accepting pam
authentikation.
However, Thanks a lot!

>
> > -----Ursprüngliche Nachricht-----
> > Von: Christian Lange
> > [mailto:christian.lange@xxxxxxxxxxxxxxxxxxxxxxxx]
> > Gesendet: Mittwoch, 10. März 2004 13:19
> > An: Suse-Security
> > Betreff: AW: [suse-security] postfix/imap/cyrus-sasl and Pam
> > backend
> >
> > Hello Markus,
> >
> > try
> >
> > /etc/imap.conf
> > .
> > .
> > .
> > sasl_pwcheck_method: saslauthd
> > .
> > .
> >
> >
> >
> >
> > Be sure, that saslauthd is running.
> >
> >
> > Chris
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Markus Feilner [mailto:lists@xxxxxxxxxxxxxx]
> > > Gesendet: Mittwoch, 10. März 2004 13:05
> > > An: suse-security
> > > Betreff: Re: [suse-security] postfix/imap/cyrus-sasl and Pam
> > > backend
> > >
> > > Am Mittwoch, 10. März 2004 12:20 schrieb sematin@xxxxxxxxx:
> > > > Hmm! I haven't tried this before but have you looked at:
> > > >
> > > > http://www.postfix.org/docs.html
> > > >
> > > > There seem to be a number of howtos there that could be
> > > > relevant.
> > > >
> > > > Noah.
> > >
> > > Thank You!
> > > Yes, and they are very good, esp. Patrick Koetter's, but i
> > > couldn't find anything for pam, only sasldb...
> > >
> > > > > -----Original Message-----
> > > > > From: Markus Feilner [mailto:lists@xxxxxxxxxxxxxx]
> > > > > Sent: 10 March 2004 14:12
> > > > > To: Suse-Security
> > > > > Subject: [suse-security] postfix/imap/cyrus-sasl and Pam
> > > > > backend
> > > > >
> > > > >
> > > > > Hello List,
> > > > > I am looking for a site with good information about postfix,
> > > > > cyrus-sasl (and later kerberos authentikation against Active
> > > > > Directory). I have postifix and imap running with cyrus
> >
> > sasl and
> >
> > > > > sasldb, but i did not manage to get it to authenticate
> >
> > against pam
> >
> > > > > or kerberos.
> > > > > I have been googling, but i could not find a solution.
> > > > >
> > > > > I know that:
> > > > > - /etc/sysconfig/saslauthd tells saslauthd which mech to use.
> > > > > the entry is: SASLAUTHD_AUTHMECH=pam
> > > > >
> > > > > - /usr/lib/sasl2/smtpd.conf
> > > > > pwcheck_method: saslauthd
> > > > > mechlist: plain login crammd5 digestmd5
> > > > >
> > > > > -/etc/posstfix/main.cf
> > > > > for testing:
> > > > > (...)
> > > > > smtpd_sender_restrictions = permit_sasl_authenticated,
> > > > > permit_mynetworks, reject smtpd_sasl_auth_enable = yes
> > > > > smtpd_sasl_security_options = noanonymous
> >
> > broken_sasl_auth_clients
> >
> > > > > = yes
> > > > > (...)
> > > > >
> > > > > Now: postfix grants all users access based on user/password
> > > > > kombinations in sasldb - and only those users.
> >
> > Shouldn't saslauth
> >
> > > > > use the local user/password Kombination?
> > > > > (BTW: Why does sasl with PAM only work with PLAIN?)
> > > > >
> > > > > Thanks a lot!
> > > > > --
> > > > > Mit freundlichen Grüßen
> > > > > Markus Feilner
> > > > > --
> > > > > Linux Solutions, Training, Seminare und Workshops -
> >
> > auch Inhouse
> >
> > > > > Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
> > > > > fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
> > > > > web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
> > > > >
> > > > > --
> > > > > Check the headers for your unsubscription address For
> >
> > additional
> >
> > > > > commands, e-mail: suse-security-help@xxxxxxxx
> >
> > Security-related bug
> >
> > > > > reports go to security@xxxxxxx, not here
> > >
> > > --
> > > Mit freundlichen Grüßen
> > > Markus Feilner
> > > --
> > > Linux Solutions, Training, Seminare und Workshops - auch Inhouse
> > > Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
> > > fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
> > > web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
> > >
> > > --
> > > Check the headers for your unsubscription address For additional
> > > commands, e-mail: suse-security-help@xxxxxxxx Security-related
> > > bug reports go to security@xxxxxxx, not here
> >
> > --
> > Check the headers for your unsubscription address For
> > additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here

--
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

< Previous Next >
Follow Ups
References