SASL and PAM under Postfix

Mark Olbert mark at arcabama.com
Sat Aug 6 11:54:40 PDT 2005


Thanx for the quick reply. 
It turns out the problem was that, while I had a pam config file for the
smtp service, it wasn't configured properly. Copying over the one I use for
sshd did the trick.
- Mark
 

-----Original Message-----
From: blfs-support-bounces at linuxfromscratch.org
[mailto:blfs-support-bounces at linuxfromscratch.org] On Behalf Of Archaic
Sent: Saturday, August 06, 2005 10:21 AM
To: BLFS Support List
Subject: Re: SASL and PAM under Postfix

On Sat, Aug 06, 2005 at 10:08:51AM -0700, Mark Olbert wrote:
> 
> But when I do an AUTH PLAIN with my base64 encoded credentials, pam
refuses
> to authenticate. The saslauthd debug trace shows that it correctly
received
> the credentials, but these were rejected by pam.

According to cyrus-sasl-2.1.21/doc/sysadmin.html:

If you are using the PAM method to verify passwords with saslauthd, keep
in mind that your PAM configuration will need to be configured for each
service name that is using saslauthd for authentication.  Common service
names are "imap", "sieve", and "smtp".

Also, make sure you read postfix-2.2.5/README_FILES/SASL_README
especially where it says:

IMPORTANT: all users must be able to authenticate using ALL
authentication mechanisms advertised by Postfix, otherwise the
negotiation might end up with an unsupported mechanism, and
authentication would fail.

grepping for PAM in both the postfix and the sasl source trees yields
much information.

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page




More information about the blfs-support mailing list