SASL and PAM under Postfix

Mark Olbert mark at
Sat Aug 6 11:54:40 PDT 2005

Thanx for the quick reply. 
It turns out the problem was that, while I had a pam config file for the
smtp service, it wasn't configured properly. Copying over the one I use for
sshd did the trick.
- Mark

-----Original Message-----
From: blfs-support-bounces at
[mailto:blfs-support-bounces at] On Behalf Of Archaic
Sent: Saturday, August 06, 2005 10:21 AM
To: BLFS Support List
Subject: Re: SASL and PAM under Postfix

On Sat, Aug 06, 2005 at 10:08:51AM -0700, Mark Olbert wrote:
> But when I do an AUTH PLAIN with my base64 encoded credentials, pam
> to authenticate. The saslauthd debug trace shows that it correctly
> the credentials, but these were rejected by pam.

According to cyrus-sasl-2.1.21/doc/sysadmin.html:

If you are using the PAM method to verify passwords with saslauthd, keep
in mind that your PAM configuration will need to be configured for each
service name that is using saslauthd for authentication.  Common service
names are "imap", "sieve", and "smtp".

Also, make sure you read postfix-2.2.5/README_FILES/SASL_README
especially where it says:

IMPORTANT: all users must be able to authenticate using ALL
authentication mechanisms advertised by Postfix, otherwise the
negotiation might end up with an unsupported mechanism, and
authentication would fail.

grepping for PAM in both the postfix and the sasl source trees yields
much information.


Want control, education, and security from your operating system?
Hardened Linux From Scratch

Unsubscribe: See the above information page

More information about the blfs-support mailing list