Dne středa 27. července 2022 19:49:35 CEST, lovecraftesque via Info napsal(a):
> #%PAM-1.0
>
> auth sufficient /lib64/security/pam_radius_auth.so
> localifdown auth required pam_unix.so
> account required pam_unix.so
>
> What I am doing wrong? Why is the SASL authentication failing?
>
pam_unix.so is authenticating against /etc/passwd and /etc/shadow
> This aside, I downloaded a SASL PAM module, which works as expected when in
> /etc/pam.d/MyApp I replace pam_unix.so with the name of the shared library
> associated with this module: pam_sasl.so. In this case, the SASL
> authentication works, and the SASL daemon is not necessary: the SASL PAM
> module seems to be matching passwords against the /etc/sasldb2 file
> directly.
SASL daemon is there to pass auth from SASL library to PAM.
PAM will try radius and fall back to pam_sasl (/etc/sasldb2)
If you would use only /etc/sasldb2, then you could use it directly without PAM
and SASL deamon.
--
Best Regards
Vladislav Kurz
------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T3bb539860cb02798-M8e65929d14ac0c934d26ac96
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
