SASL and PAM under Postfix

Archaic archaic at
Sat Aug 6 10:20:36 PDT 2005

On Sat, Aug 06, 2005 at 10:08:51AM -0700, Mark Olbert wrote:
> But when I do an AUTH PLAIN with my base64 encoded credentials, pam refuses
> to authenticate. The saslauthd debug trace shows that it correctly received
> the credentials, but these were rejected by pam.

According to cyrus-sasl-2.1.21/doc/sysadmin.html:

If you are using the PAM method to verify passwords with saslauthd, keep
in mind that your PAM configuration will need to be configured for each
service name that is using saslauthd for authentication.  Common service
names are "imap", "sieve", and "smtp".

Also, make sure you read postfix-2.2.5/README_FILES/SASL_README
especially where it says:

IMPORTANT: all users must be able to authenticate using ALL
authentication mechanisms advertised by Postfix, otherwise the
negotiation might end up with an unsupported mechanism, and
authentication would fail.

grepping for PAM in both the postfix and the sasl source trees yields
much information.


Want control, education, and security from your operating system?
Hardened Linux From Scratch

More information about the blfs-support mailing list