From: Gregory BELLIER on
I managed to get authentication working, but it's really weird. I'm on Debian
Lenny.

In /etc/default/saslauthd on both mta1 and mta2, I have:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

mta1:/etc/postfix# more /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd


The authentication I now have only works if I set up a sasldb, which is by
default in /etc/sasldb2, but because of the chroot I need to copy it
(maybe a link would be enough, I haven't tested yet) to
/var/spool/postfix/etc.

I don't understand why I need this sasldb while I configured for shadow...

From: Victor Duchovni on
On Tue, Apr 20, 2010 at 05:18:48PM +0200, Gregory BELLIER wrote:

> I managed to get authentication working, but it's really weird. I'm on Debian
> Lenny.
>
> In /etc/default/saslauthd on both mta1 and mta2, I have:
> START=yes
> DESC="SASL Authentication Daemon"
> NAME="saslauthd"
> MECHANISMS="shadow"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
> mta1:/etc/postfix# more /etc/postfix/sasl/smtpd.conf
> pwcheck_method: saslauthd

Is this where Postfix is configured to look for the "smtpd.conf" file?
I don't recall seeing any configuration settings that make it so...

Debian may have patches that make this location the default, but do check
that you are using the right pathname...

To use ${config_directory} for the SASL "smtpd.conf" I have (non-Debian
system):

main.cf:
# Postfix 2.5+, with Cyrus SASL 2.1.22+
# http://www.postfix.org/postconf.5.html#cyrus_sasl_config_path
#
cyrus_sasl_config_path = ${config_directory}

smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN

I use PAM; the saslauthd daemon is running as:

# ps -o pid,args -p $(pgrep -P 1 saslauthd)
PID COMMAND
3821 saslauthd -m /var/run/saslauthd -a pam

Have you checked the options with which saslauthd is actually running?

For completeness, since I use PAM, the PAM stack is:
auth requisite pam_krb5.so.1 auth_only
account required pam_localuser.so file=/etc/postfix/saslusers
password required pam_deny.so
session required pam_deny.so

The saslusers file limits which accounts are allowed to authenticate:

joeuser:x:NN:NN:submit SASL user:/:

> The authentication I now have only works if I set up a sasldb, which is by
> default in /etc/sasldb2, but because of the chroot I need to copy it (maybe
> a link would be enough, I haven't tested yet) to /var/spool/postfix/etc.
>
> I don't understand why I need this sasldb while I configured for shadow...

Either Postfix is not configured to use saslauthd, or saslauthd is not
configured as you believe.

--
Viktor.

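
The two checks raised in the reply above, as an added example (not code from the thread or from Postfix or Cyrus SASL): compare the options saslauthd is actually running with, and the pwcheck_method Cyrus SASL ends up with, against what was intended. The function names, the sample command line and the sample smtpd.conf text are constructed, and a chrooted smtpd under /var/spool/postfix is assumed. An empty smtpd.conf text models the file not being found, where Cyrus SASL falls back to its default pwcheck_method, auxprop (sasldb).

```shell
#!/bin/sh
# Added example; sample inputs are constructed, not taken from a real host.

# Print the argument of a single-letter option (-a, -m) found in a command line.
flag_value() {  # usage: flag_value FLAG "CMDLINE"
    flag=$1
    set -- $2                       # split the command line into words
    while [ $# -gt 0 ]; do
        case $1 in
            "$flag")   [ $# -ge 2 ] && { printf '%s\n' "$2"; return 0; } ;;
            "$flag"?*) printf '%s\n' "${1#"$flag"}"; return 0 ;;  # joined: -apam
        esac
        shift
    done
    return 1
}

# Read smtpd.conf text on stdin and print its pwcheck_method.
# No such line (or no file found) means the Cyrus SASL default, auxprop.
pwcheck_method() {
    m=$(sed -n 's/^[[:space:]]*pwcheck_method:[[:space:]]*\([^[:space:]]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${m:-auxprop}"
}

# check_sasl "CMDLINE" "SMTPD_CONF_TEXT" WANT_MECH CHROOT
# Prints one finding per line; returns 0 only when nothing is inconsistent.
check_sasl() {
    cmdline=$1 conf=$2 want=$3 chroot=$4 rc=0
    mech=$(flag_value -a "$cmdline") || mech=unknown
    sock=$(flag_value -m "$cmdline") || sock="(compiled-in default)"
    method=$(printf '%s\n' "$conf" | pwcheck_method)
    [ "$method" = saslauthd ] ||
        { echo "smtpd.conf: pwcheck_method=$method, saslauthd is never asked"; rc=1; }
    [ "$mech" = "$want" ] ||
        { echo "saslauthd: running with -a $mech, expected $want"; rc=1; }
    case $sock in
        "$chroot"/*) ;;             # socket reachable by a chrooted smtpd
        *) echo "saslauthd: socket dir $sock is outside chroot $chroot"; rc=1 ;;
    esac
    return $rc
}

# Constructed inputs: a running command line and the smtpd.conf Postfix reads.
RUNNING='saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -n 5'
CONF='pwcheck_method: saslauthd
mech_list: PLAIN'
check_sasl "$RUNNING" "$CONF" shadow /var/spool/postfix && echo "consistent"
```

On a live host, the command line would come from the ps invocation shown in the reply, and the smtpd.conf text from the directory that cyrus_sasl_config_path actually points to.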