Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Markus Feilner <lists@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 15:18:57 +0100
  • Message-id: <200403101518.57924.lists@xxxxxxxxxxxxxx>
First of all - Thanks a lot!!!

Am Mittwoch, 10. März 2004 14:03 schrieb Andreas Winkelmann:
> > - /usr/lib/sasl2/smtpd.conf
> > pwcheck_method: saslauthd
> > mechlist: plain login crammd5 digestmd5
>
> 1. "mech_list" with an underline.
> 2. cram-md5 and digest-md5 does not work behind saslauthd.
>
> mech_list: plain login

OK... typo :-(

>
> > -/etc/posstfix/main.cf
> > for testing:
> > (...)
> > smtpd_sender_restrictions = permit_sasl_authenticated,
> > permit_mynetworks, reject
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_security_options = noanonymous
> > broken_sasl_auth_clients = yes
> > (...)
>
> # postconf smtpd_sasl_local_domain
>
> This must be empty.

It is. Thanks, but I found that one, too.

> > Now: postfix grants all users access based on user/password
> > kombinations in sasldb - and only those users. Shouldn't saslauth
> > use the local user/password Kombination?
> Please define "saslauth". I'm not sure, what you mean.

O.K.
I made postfix use SASL auth - by the parameters above means, it uses
saslauthd for authentikation. Right?
saslauthd is configured to auth against pam. Right?
But: saslauthd uses User/Password combinations from sasldb. Why?
Where is my mistake?


> > (BTW: Why does sasl with PAM only work with PLAIN?)
>
> It works with plain and login.

Sorry, You are right. But I want to understand, why I cannot use either
MD5 methods for that...

> --
> Andreas

--
Mit freundlichen Grüßen
Markus Feilner
--
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

< Previous Next >