Am Mittwoch, 10. März 2004 13:31 schrieb Christian Lange:
Sorry, i assumed you`re using cyrus-imap. My reply was too fast - i should read till the end ...
Chris
Hi Chris, Thanks a lot! I'm not sure, but I think we got something wrong: I am using cyrus-imap - and i have these lines in my imapd.conf. Cyrus-imap is successfully authenticating against saslauthd - but (see the other tree of this thread) saslauthd is not accepting pam authentikation. However, Thanks a lot!
-----Ursprüngliche Nachricht----- Von: Christian Lange [mailto:christian.lange@polizei.niedersachsen.de] Gesendet: Mittwoch, 10. März 2004 13:19 An: Suse-Security Betreff: AW: [suse-security] postfix/imap/cyrus-sasl and Pam backend
Hello Markus,
try
/etc/imap.conf . . . sasl_pwcheck_method: saslauthd . .
Be sure, that saslauthd is running.
Chris
-----Ursprüngliche Nachricht----- Von: Markus Feilner [mailto:lists@feilner-it.net] Gesendet: Mittwoch, 10. März 2004 13:05 An: suse-security Betreff: Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
Am Mittwoch, 10. März 2004 12:20 schrieb sematin@mtn.co.ug:
Hmm! I haven't tried this before but have you looked at:
http://www.postfix.org/docs.html
There seem to be a number of howtos there that could be relevant.
Noah.
Thank You! Yes, and they are very good, esp. Patrick Koetter's, but i couldn't find anything for pam, only sasldb...
-----Original Message----- From: Markus Feilner [mailto:lists@feilner-it.net] Sent: 10 March 2004 14:12 To: Suse-Security Subject: [suse-security] postfix/imap/cyrus-sasl and Pam backend
Hello List, I am looking for a site with good information about postfix, cyrus-sasl (and later kerberos authentikation against Active Directory). I have postifix and imap running with cyrus
sasl and
sasldb, but i did not manage to get it to authenticate
against pam
or kerberos. I have been googling, but i could not find a solution.
I know that: - /etc/sysconfig/saslauthd tells saslauthd which mech to use. the entry is: SASLAUTHD_AUTHMECH=pam
- /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mechlist: plain login crammd5 digestmd5
-/etc/posstfix/main.cf for testing: (...) smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients
= yes (...)
Now: postfix grants all users access based on user/password kombinations in sasldb - and only those users.
Shouldn't saslauth
use the local user/password Kombination? (BTW: Why does sasl with PAM only work with PLAIN?)
Thanks a lot! -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops -
auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
-- Check the headers for your unsubscription address For
additional
commands, e-mail: suse-security-help@suse.com
Security-related bug
reports go to security@suse.de, not here
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net