Sean O'Malley wrote:
try:
testsaslauthd -u username -p password -r "127.0.0.1;234" -s servicename
(the -r flag probably isn't needed, i believe it specifies the realm
name.)
This should test saslauthd and your pam configuration.
I believe on redhat they called it cyrus-testsaslauthd or something along
those lines if it is included.
If that works, you know your backend is configured correctly.
I would probably try it with pam_unix and a local account if that doesnt
work, just to see if the problem is with your pam stack or with the pam
module.
Thanks Sean. On my CentOS 5.2 system it's testsaslauthd:
-bash-3.2# testsaslauthd -u <local_user> -p <pass> -r "127.0.0.1;234" -s
system-auth
0: OK "Success."
However, using pam_ruby:
-bash-3.2# testsaslauthd -u <user> -p <pass> -r "127.0.0.1;234" -s smtp
0: NO "authentication failed"
/var/log/messages has:
Jul 22 16:44:10 ip-10-251-215-230 saslauthd[6419]: do_auth :
auth failure: [user=test] [service=smtp] [realm=127.0.0.1;234]
[mech=pam] [reason=PAM auth error]
I'm assuming this means everything is ok up to my /etc/pam.d/smtp
file.... anywhere else I can look for more details on any PAM errors or
errors with pam_ruby?
However, playing around a bit more with sasl2-sample-server/client I get
different results:
sasl2-sample-server -s system-auth -p8000
......
performing SASL negotiation: user not foundclosing connection
sasl2-sample-client -s system-auth -p 8000 -m LOGIN localhost
receiving capability list... recv: {53}
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: <user>
Password:
send: {4}
<user>
recv: {9}
Password:
send: {9}
<password>
authentication failed
closing connection
-David
