Hello Markus, try /etc/imap.conf . . . sasl_pwcheck_method: saslauthd . . Be sure, that saslauthd is running. Chris
-----Ursprüngliche Nachricht----- Von: Markus Feilner [mailto:lists@feilner-it.net] Gesendet: Mittwoch, 10. März 2004 13:05 An: suse-security Betreff: Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
Am Mittwoch, 10. März 2004 12:20 schrieb sematin@mtn.co.ug:
Hmm! I haven't tried this before but have you looked at:
http://www.postfix.org/docs.html
There seem to be a number of howtos there that could be relevant.
Noah. Thank You! Yes, and they are very good, esp. Patrick Koetter's, but i couldn't find anything for pam, only sasldb...
-----Original Message----- From: Markus Feilner [mailto:lists@feilner-it.net] Sent: 10 March 2004 14:12 To: Suse-Security Subject: [suse-security] postfix/imap/cyrus-sasl and Pam backend
Hello List, I am looking for a site with good information about postfix, cyrus-sasl (and later kerberos authentikation against Active Directory). I have postifix and imap running with cyrus sasl and sasldb, but i did not manage to get it to authenticate against pam or kerberos. I have been googling, but i could not find a solution.
I know that: the entry is: SASLAUTHD_AUTHMECH=pam
- /etc/sysconfig/saslauthd tells saslauthd which mech to use.
- /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mechlist: plain login crammd5 digestmd5
-/etc/posstfix/main.cf for testing: (...) smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes (...)
Now: postfix grants all users access based on user/password kombinations in sasldb - and only those users. Shouldn't saslauth use the local user/password Kombination? (BTW: Why does sasl with PAM only work with PLAIN?)
Thanks a lot!
Mit freundlichen Grüßen Markus Feilner
Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Mit freundlichen Grüßen Markus Feilner
Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here