[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE 9.0: postfix sasl authentikation fails



Am Freitag, 9. Januar 2004 13:51 schrieb Markus Feilner:

> has anybody got postfix working with cyrus-sasl under suse 9.0?
> I only got replies like "authenticaton failed"
>
> my /usr/lib/sasl2/smtp.conf is:
smtpd.conf

> pwcheck_method: auxprop
> mech_list: plain login
If you use sasldb, you can offer cram-md5 and digest-md5 too. If they are 
installed, of course.

> auxprop_plugin: sasldb2
auxprop_plugin: sasldb

> (the path to /usr/lib/sasl2 was added by ldconfig )
No need.

> A user for sasldb was added:
> Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
> Password: user
> Again (for verification): user
> Mail-server:/usr/lib/sasl2 #

Better to specify a realm (-u).  But if it is already there, show 
sasldblistusers2 look at the user-string. There is a domain-part add it to 
Postfix's configurations as "smtpd_sasl_local_domain".

> And to  /etc/postfix/main.cf I added:
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipients_restrictions = permit_sasl_authenticated
>
> OK,
> rcsaslauthd start, rcpostfix restart and test with telnet or a
> mailclient. I am told SASL with PLAIN or LOGIN should work.

If you want to use sasldb, there is no need to start saslauthd.

> But if I try to send a message, I get the following in /var/log/mail:

> it seems like access to database is not possible.
> Why is authentication failing?

Two other things, check if smtpd runs chrooted (master.cf) and copy the sasldb 
to the jail. And check if user postfix may access sasldb.

-- 
	Andreas


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here