Re: PAM authentication failing from SASL/smtpd

Sorry to be so quick on the draw; the only problem was permission to access the
shadow file, and now it works fine. Which leads to the other problem, which I haven't
found a clean solution for yet: how to authenticate from a daemon which is not
running as (suid) root? Every daemon on my machine which does PAM runs as root,
and every utility is suid root. I'd like to keep the SMTP daemon running as a
non-root user, so here are the solutions I can think of:

- allow read access to /etc/shadow by a new group of non-root PAM users (this is
  what I've done for now)
- chroot the mail server, and run the SMTP portion as root, trusting the jail's walls

Neither one seems great to me. Comments?

Thanks!
--joseph sheedy

On Thu, Mar 08, 2001 at 11:29:43AM -0500, joseph lahdenpera sheedy wrote:
> 'Allo,
> 
> I'm having some troubles doing smtp authentication using PAM through cyrus-sasl.   
> 
> Trying 127.0.0.1...
> Connected to host.domain.
> Escape character is '^]'.
> 220 host.domain ESMTP Postfix
> EHLO host
> 250-host.domain
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-AUTH PLAIN
> 250 8BITMIME
> AUTH PLAIN <base64 string>
> 535 Error: authentication failed
> 
> 
> Here's the relevant information from the syslog:
> 
> Mar  8 10:39:37 josephs1 PAM_unix[31999]: authentication failure; (uid=502) -> josephs for smtp service
> Mar  8 10:39:37 josephs1 PAM-warn[31999]: service: smtp [on terminal: <unknown>]
> Mar  8 10:39:37 josephs1 PAM-warn[31999]: user: (uid=502) -> josephs [remote: ?nobody@?nowhere]
> 
> I'm encoding the username/password as indicated by the cyrus-sasl README: 
> printf 'username\0username\0password' | mmencode
> , nor does authentication work with various mail clients.  
> 
> Is it easy to get some additional debugging information from PAM, such as what it's receiving, or is there another
> problem?
> 
> I'm running the most recent stable postfix (20010228), cyrus-sasl (1.5.24), and PAM (0.72-37).
> 
> Thanks!
> 
> joseph sheedy
> josephs@oeone.com
> www.oeone.com
> 
> 
> 
> 
> 
> _______________________________________________
> 
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
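
An added example, not part of the original messages: it ties the `(uid=502)` in the quoted PAM_unix log line to the shadow-file permission problem described in the reply, using plain Unix mode bits. The file modes, the gid 600 group and the verdict strings are assumptions made for illustration.

```python
import re
import stat

# Constructed sample: the PAM_unix line quoted in the thread.
SAMPLE_LOG = ("Mar  8 10:39:37 josephs1 PAM_unix[31999]: authentication failure; "
              "(uid=502) -> josephs for smtp service")

FAILURE_RE = re.compile(
    r"PAM_unix\[\d+\]: authentication failure; "
    r"\(uid=(?P<uid>\d+)\) -> (?P<user>\S+) for (?P<service>\S+) service")

def parse_failure(line):
    """Return (caller_uid, target_user, service), or None if the line does not match."""
    m = FAILURE_RE.search(line)
    return (int(m["uid"]), m["user"], m["service"]) if m else None

def can_read(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix mode-bit check: the first matching class decides.
    ACLs and capabilities are not modelled; uid 0 is treated as always allowed."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def diagnose(line, mode, owner_uid, owner_gid, caller_gids):
    """Classify a PAM_unix failure against the shadow file's ownership and mode."""
    parsed = parse_failure(line)
    if parsed is None:
        return "not-a-pam-unix-failure"
    uid, _user, _service = parsed
    if mode & stat.S_IROTH:
        return "shadow-world-readable"      # hashes exposed to every local user
    if not can_read(mode, owner_uid, owner_gid, uid, caller_gids):
        return "caller-cannot-read-shadow"  # failure is a permission problem
    return "caller-can-read-shadow"         # look at the credentials instead

if __name__ == "__main__":
    # Constructed values: root-owned file, hypothetical group 600 for PAM daemons.
    print(diagnose(SAMPLE_LOG, 0o600, 0, 0, {502}))         # before the change
    print(diagnose(SAMPLE_LOG, 0o640, 0, 600, {502, 600}))  # after adding the group
```

To run it against a live system, take the mode, owner and group from `os.stat()` on the shadow file and the caller's groups from the daemon's account.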




