I'm setting up a postfix server using "The Book of Postfix". In ch 15
there is a section on testing saslauthd which I can't get to work. I
can get it to work using shadow password authentication, but it fails
on pam. I don't kow squat about troubleshooting pam. Any PAM wizzes
out there that can help? I saw a unrelated post talking about
something needing to be in the pam sasl group. Had no idea what that
meant. sasl ins't a user, or group.
I setup and try
saslauthd -m /var/run/saslauthd -a pam -d
sasl2-sample-server -s rcmd -p 8000
sasl2-sample-client -s rcmd -p 8000 -m LOGIN 127.0.0.1
If I set "-a shadow" it works. So I assume I have saslauthd working
at least.
But, if I set "-a pam" as listed above, it fails
I believe it may be a PAM issue, could be sasl, but I'm hoping maybe
someone will see the easy answer.
I have in /etc/pam.d/smtp
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
Also:
# saslauthd -v
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
And /usr/lib/sasl2/smtpd.conf (also linked to sample.conf)
# cat smtpd.conf
loglevel: 7
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Here are the results of a failed attempt:
-------------------------------------
# saslauthd -m /var/run/saslauthd -a pam -d
saslauthd[3176] :main : num_procs : 5
saslauthd[3176] :main : mech_option: NULL
saslauthd[3176] :main : run_path : /var/run/saslauthd
saslauthd[3176] :main : auth_mech : pam
saslauthd[3176] :ipc_init : using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[3176] :detach_tty : master pid is: 0
saslauthd[3176] :ipc_init : listening on socket:
/var/run/saslauthd/mux
saslauthd[3176] :main : using process model
saslauthd[3177] :get_accept_lock : acquired accept lock
saslauthd[3176] :have_baby : forked child: 3177
saslauthd[3176] :have_baby : forked child: 3178
saslauthd[3176] :have_baby : forked child: 3179
saslauthd[3176] :have_baby : forked child: 3180
saslauthd[3177] :rel_accept_lock : released accept lock
saslauthd[3177] :do_auth : auth failure: [user=testuser]
[service=rcmd] [realm=] [mech=pam] [reason=PAM auth error]
# sasl2-sample-server -s rcmd -p 8000
trying 2, 1, 6
trying 10, 1, 6
socket: Address family not supported by protocol
accepted new connection
send: {11}
PLAIN LOGIN
recv: {5}
LOGIN
recv: {1}
N
send: {9}
Username:
recv: {7}
testuser
send: {9}
Password:
recv: {6}
xxxxxx
performing SASL negotiation: authentication failureclosing connection
# sasl2-sample-client -s rcmd -p 8000 -m LOGIN 127.0.0.1
receiving capability list... recv: {11}
PLAIN LOGIN
PLAIN LOGIN
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: testuser
Password:
send: {7}
testuser
recv: {9}
Password:
send: {6}
xxxxxx
authentication failed
closing connection
--------------
# From syslog:
Sep 19 09:33:45 tn1 saslauthd[3209]: main : num_procs : 5
Sep 19 09:33:45 tn1 saslauthd[3209]: main : mech_option:
NULL
Sep 19 09:33:45 tn1 saslauthd[3209]: main : run_path :
/var/run/saslauthd
Sep 19 09:33:45 tn1 saslauthd[3209]: main : auth_mech :
pam
Sep 19 09:33:45 tn1 saslauthd[3209]: ipc_init : using accept
lock file: /var/run/saslauthd/mux.accept
Sep 19 09:33:45 tn1 saslauthd[3209]: detach_tty : master pid is:
0
Sep 19 09:33:45 tn1 saslauthd[3209]: ipc_init : listening on
socket: /var/run/saslauthd/mux
Sep 19 09:33:45 tn1 saslauthd[3209]: main : using process
model
Sep 19 09:33:45 tn1 saslauthd[3210]: get_accept_lock : acquired accept
lock
Sep 19 09:33:45 tn1 saslauthd[3209]: have_baby : forked child:
3210
Sep 19 09:33:45 tn1 saslauthd[3209]: have_baby : forked child:
3211
Sep 19 09:33:45 tn1 saslauthd[3209]: have_baby : forked child:
3212
Sep 19 09:33:45 tn1 saslauthd[3209]: have_baby : forked child:
3213
Sep 19 09:34:03 tn1 saslauthd[3210]: rel_accept_lock : released accept
lock
Sep 19 09:34:03 tn1 saslauthd[3210]: DEBUG: auth_pam: pam_authenticate
failed: Authentication failure
Sep 19 09:34:03 tn1 saslauthd[3210]: do_auth : auth failure:
[user=testuser] [service=rcmd] [realm=] [mech=pam] [reason=PAM auth
error]
Sep 19 09:34:03 tn1 saslauthd[3210]: get_accept_lock : acquired accept
lock
