SASL and PAM under Postfix
archaic at linuxfromscratch.org
Sat Aug 6 10:20:36 PDT 2005
On Sat, Aug 06, 2005 at 10:08:51AM -0700, Mark Olbert wrote:
> But when I do an AUTH PLAIN with my base64 encoded credentials, pam refuses
> to authenticate. The saslauthd debug trace shows that it correctly received
> the credentials, but these were rejected by pam.
According to cyrus-sasl-2.1.21/doc/sysadmin.html:
If you are using the PAM method to verify passwords with saslauthd, keep
in mind that your PAM configuration will need to be configured for each
service name that is using saslauthd for authentication. Common service
names are "imap", "sieve", and "smtp".
Also, make sure you read postfix-2.2.5/README_FILES/SASL_README
especially where it says:
IMPORTANT: all users must be able to authenticate using ALL
authentication mechanisms advertised by Postfix, otherwise the
negotiation might end up with an unsupported mechanism, and
authentication would fail.
grepping for PAM in both the postfix and the sasl source trees yields
Want control, education, and security from your operating system?
Hardened Linux From Scratch
More information about the blfs-support