On Wed, 12 Apr 2006, Netlink Tech wrote:
On Wed, 12 Apr 2006, Igor Brezac wrote:
On Wed, 12 Apr 2006, Netlink Tech wrote:
Hello,
I have a FC5 x86_64 server with saslauthd 2.1.21, sendmail 8.13.6, etc.
I have SMTP_auth working fine with 'user' using PAM.
I would like to get it working with 'user@xxxxxxxxxxxxxx' using PAM.
My saslauthd is started from initd with the following options:
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
When I use testsaslauthd I get the following:
[root]# testsaslauthd -u testuser -p test1234 -s smtp
0: OK "Success."
[root]# testsaslauthd -u testuser@xxxxxxxxxxxxxx -p test1234 -s smtp
0: NO "authentication failed"
Log file shows this on authentication failure:
Apr 12 12:23:25 mighty saslauthd[31617]: do_auth : auth failure:
[user=testuser@xxxxxxxxxxxxxx] [service=smtp] [realm=] [mech=pam]
[reason=PAM auth error]
How can I strip the domain before sending the auth request to PAM?
It is done automatically by libsasl.
--
Igor
That is what I thought when reading docs/archived lists, but it doesn't
appear that it is doing it. I read that the -r option leaves the realm/domain
intact...but I am not starting saslauthd with -r...so I expect that it WOULD
strip off the domain.
BUT, testsaslauthd fails auth and logfile shows PAM auth error.
Doesn't that mean that it is in fact not stripping of the domain?
Nop... testsaslauthd does not use libsasl. It talks directly with
saslauthd. You can use sample/(client|server) if you want to simulate a
real sasl2 client.
--
Igor
