Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] postfix/imap/cyrus-sasl and Pam backend
From: Andreas Winkelmann (mlawinkelmann.de)
Date: Wed Mar 10 2004 - 09:09:36 CST
Am Mittwoch, 10. März 2004 16:02 schrieb Markus Feilner:
> > > But: saslauthd uses User/Password combinations from sasldb. Why?
> > No. saslauthd and sasldb are two diffrent things.
> OK. I believe you.
> But it does not behave as i want to:
> I have sytem user xxx with password yyy (pam) and saslaccount xxx with
> password zzz in sasldb.
> Why can this user only send (smtp) and recieve mail (imap) when he
> enters his sasldb password zzz, even though the setup of saslauthd is
> configured for pam? saslauthd is obviously using pam because only PLAIN
> and LOGIN are allowed, trying other methods creates errors.
> When I give my mail client the user data from the pam account user=xxx
> password=yyy, i get "SASL PLAIN authentication failed".
I think there happens the "fallback" from Cyrus-SASL. If it does not find the
smtpd.conf the default is to use "auxprop" which uses "sasldb". Another thing
can be, if you are offering mechs which cannot be handled by saslauthd, for
example "cram-md5" or "digest-md5" then Cyrus-SASL uses sasldb even though
saslauthd is configured.
Start saslauthd with "-d -a pam", then it prints some debugging-informations.
Try to authenticate and check the output.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here