Mailinglist Archive: opensuse-security (485 mails)

Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
  • From: Andreas Winkelmann <ml@xxxxxxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 14:03:36 +0100
  • Message-id: <200403101403.36368.ml@xxxxxxxxxxxxxx>
On Wednesday, 10 March 2004 12:11, Markus Feilner wrote:

> I am looking for a site with good information about postfix, cyrus-sasl
> (and later kerberos authentication against Active Directory). I have
> postfix and imap running with cyrus sasl and sasldb, but I did not
> manage to get it to authenticate against pam or kerberos.
> I have been googling, but I could not find a solution.
>
> I know that:
> - /etc/sysconfig/saslauthd tells saslauthd which mech to use.
> the entry is:
> SASLAUTHD_AUTHMECH=pam
>
> - /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mechlist: plain login crammd5 digestmd5

1. "mech_list" with an underline.
2. cram-md5 and digest-md5 do not work behind saslauthd.

mech_list: plain login

> - /etc/postfix/main.cf
> for testing:
> (...)
> smtpd_sender_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> (...)

# postconf smtpd_sasl_local_domain

This must be empty.

> Now: postfix grants all users access based on user/password combinations
> in sasldb - and only those users. Shouldn't saslauth use the local
> user/password combination?

Please define "saslauth". I'm not sure what you mean.

> (BTW: Why does sasl with PAM only work with PLAIN?)

It works with plain and login.

--
Andreas
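
The two corrections to smtpd.conf in the reply above, written as a small lint check. This is an added example, not part of the original message or of Cyrus SASL; the function names and the `QUOTED`/`CORRECTED` samples (copied from the thread) are this example's own.

```python
# saslauthd only verifies a plaintext password handed to it, so mechanisms
# that need the stored shared secret cannot be served through it.
SHARED_SECRET_MECHS = {"cram-md5", "digest-md5"}
OPTION_NAMES = {"pwcheck_method", "mech_list"}  # only the options this thread discusses


def squash(name):
    """Drop '-' and '_' so 'mechlist' and 'crammd5' match their real spelling."""
    return name.lower().replace("-", "").replace("_", "")


def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            options[key.strip()] = value.strip()
    return options


def lint_smtpd_conf(text):
    """Return findings for the two mistakes pointed out in the reply."""
    findings, effective = [], {}
    by_squashed = {squash(n): n for n in OPTION_NAMES}
    for key, value in parse_sasl_conf(text).items():
        correct = by_squashed.get(squash(key))
        if correct and key != correct:
            findings.append(f"option '{key}' should be spelled '{correct}'")
        effective[correct or key] = value
    # Only flag the mechanisms when saslauthd is the sole password check.
    if effective.get("pwcheck_method", "").lower().split() == ["saslauthd"]:
        secret = {squash(m): m for m in SHARED_SECRET_MECHS}
        for mech in effective.get("mech_list", "").split():
            if squash(mech) in secret:
                findings.append(f"'{mech}' ({secret[squash(mech)]}) does not work behind saslauthd")
    return findings


# The file as quoted in the question, and as corrected in the reply.
QUOTED = "pwcheck_method: saslauthd\nmechlist: plain login crammd5 digestmd5\n"
CORRECTED = "pwcheck_method: saslauthd\nmech_list: plain login\n"

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED), ("corrected", CORRECTED)):
        print(name, lint_smtpd_conf(conf) or "no findings")
```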

