* Ann Onemouse <annonemouse@xxxxxx>:
> Hello, Dan, and other SASL experts.
>
> A quick update: I have decided to try using SASL's PAM mechanism, since
> that's what seems to be set up by default.
>
> So, I rebuilt my system from scratch (it's just a Xen VM, after all),
> and installed all cyrus-sasl RPMs:
> ==================================
> cyrus-sasl-ldap-2.1.22-4
> cyrus-sasl-devel-2.1.22-4
> cyrus-sasl-plain-2.1.22-4
> cyrus-sasl-ntlm-2.1.22-4
> cyrus-sasl-sql-2.1.22-4
> cyrus-sasl-plain-2.1.22-4
> cyrus-sasl-ntlm-2.1.22-4
> cyrus-sasl-ldap-2.1.22-4
> cyrus-sasl-lib-2.1.22-4
> cyrus-sasl-2.1.22-4
> cyrus-sasl-lib-2.1.22-4
> cyrus-sasl-sql-2.1.22-4
> cyrus-sasl-gssapi-2.1.22-4
> cyrus-sasl-md5-2.1.22-4
> cyrus-sasl-devel-2.1.22-4
> cyrus-sasl-2.1.22-4
> cyrus-sasl-md5-2.1.22-4
> cyrus-sasl-gssapi-2.1.22-4
> ==================================
>
> When I start up SASL with "service saslauthd start", here's what's
> running:
> ==================================
> [root@emailrelay ~]# ps auxwww | grep sasl
> root 4828 0.0 0.3 46648 804 ? Ss 16:10 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> ==================================
> It's using PAM, right? It should work with any shell account I create,
> right?
>
> So, I create a regular Unix shell account, set the password to '1234',
> and verify that I can log in as the user in question.
> ==================================
> ann@some-other-host:~> ssh relay@xxxxxxxxxxxxxxxxxxxxxxx
> relay@xxxxxxxxxxxxxxxxxxxxxxx's password: [ here I type '1234' ]
> Last login: Mon Nov 17 16:06:15 2008 from xxx.xxx.xxx.xxx
> [relay@emailrelay ~]$
> ==================================
> OK, shell login works. Later, if I can get this working, I will set the
> shell to "/sbin/nologin".
>
>
> Now, at this point, SASL should authenticate against these credentials
> with no problem, right? So, why won't this work?
> ==================================
> [root@emailrelay ~]# testsaslauthd -u relay -p 1234
> 0: NO "authentication failed"
> ==================================
> and from /var/log/messages...
> ==================================
> Nov 17 16:47:49 emailrelay saslauthd[4831]: do_auth : auth failure: [user=relay] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
> ==================================

Specify the service_name 'smtp' if you want to test SMTP AUTH setup with PAM:

    # testsaslauthd -s smtp -u relay -p 1234

This tells PAM to use settings from /etc/pam.d/smtp and not from
/etc/pam.d/imap (if this file exists at all).

p@rick

>
> OK, now I'm really baffled. Is the testsaslauthd broken? Am I using it
> incorrectly? What does the [service=imap] mean?
>
> This use case seems dead simple, but is not working. :(
>
> Thanks for any insights,
> - Ann
>
>

--
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
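
The point of the reply above, as an added example that is not part of the original thread: the [service=...] field in a saslauthd failure names the PAM service file that was consulted, so it is worth checking that file before suspecting the password. The function names, the PAM directory parameter and the second and third sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): for every failed PAM authentication
# logged by saslauthd, report whether the PAM service file it names exists.
# If the file is missing, Linux-PAM falls back to the "other" service.
#
# check_pam_service LOGFILE [PAM_DIR]
# Prints one line per failure: "<user> <service> <present|missing|invalid>"
check_pam_service() {
    log=$1
    pam_dir=${2:-/etc/pam.d}
    while IFS= read -r line; do
        # Keep only saslauthd do_auth failures handled by the pam mechanism.
        case $line in
            *saslauthd*do_auth*"auth failure"*"[mech=pam]"*) ;;
            *) continue ;;
        esac
        # Fields are logged as [key=value]; pull out user and service.
        user=$(printf '%s\n' "$line" | sed -n 's/.*\[user=\([^]]*\)].*/\1/p')
        service=$(printf '%s\n' "$line" | sed -n 's/.*\[service=\([^]]*\)].*/\1/p')
        # The service name is client-supplied: never use it as a path
        # component unless it is a plain file name.
        case $service in
            ''|.*|*[!A-Za-z0-9_.-]*) state=invalid ;;
            *)
                if [ -f "$pam_dir/$service" ]; then
                    state=present
                else
                    state=missing
                fi
                ;;
        esac
        printf '%s %s %s\n' "$user" "$service" "$state"
    done < "$log"
}

# Constructed sample input: the first line is the failure quoted in the
# thread; the other two are made up to show the smtp and invalid cases.
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 17 16:47:49 emailrelay saslauthd[4831]: do_auth : auth failure: [user=relay] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Nov 17 16:52:10 emailrelay saslauthd[4831]: do_auth : auth failure: [user=relay] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 17 16:53:00 emailrelay saslauthd[4831]: do_auth : auth failure: [user=relay] [service=../shadow] [realm=] [mech=pam] [reason=PAM auth error]
EOF
}
```

A "missing" result for imap alongside "present" for smtp matches the situation described in the reply: the default test ran against a different PAM service than the one SMTP AUTH will use.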