From: Wil Cooley (wcooleynakedape.cc)
Date: Tue Nov 20 2001 - 15:37:21 CST

    Using Red Hat Linux 7.2, which includes 0.75 and (probably) some
    patches. Cyrus-SASL 1.5.24, stock RH. Postfix 20011008, built with
    SASL support. I'm trying to get SASL AUTH working with Postfix,
    but PAM seems to be failing. I've traced and debugged down to
    where I'm fairly certain there's something wrong either with PAM,
    my PAM configuration, or the interaction between PAM and SASL.
    Here are my configurations:

    /etc/postfix/main.cf:
    smtpd_sasl_auth_enable = yes
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated

    /etc/postfix/master.cf has smtpd running non-chroot (in fact,
    I just set everything to run non-chroot, just to see).

    /usr/lib/sasl/smtpd.conf:
    pwcheck_method:pam

    /etc/pam.d/smtp (strace showed me this was the correct file):

    #%PAM-1.0
    auth sufficient /lib/security/pam_unix.so debug use_first_pass likeauth
    ...

    or:

    #%PAM-1.0
    auth required /lib/security/pam_stack.so service=system-auth debug

    and system-auth (stock RH72):
    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_unix.so likeauth nullok
    auth required /lib/security/pam_deny.so

    I've tried with:

    auth required /lib/security/pam_permit.so

    And it authenticates just fine. I've run strace and ltrace on the
    smtpd process, and I can see my username & password being decoded
    just fine, but the PAM modules still return an error. ("debug"
    doesn't seem to do anything with pam_{env,unix}, only pam_stack). I've
    enabled debugging in Postfix and it logs this (encoded username/password
    stripped for obvious reasons):

    Nov 20 13:27:45 testserver postfix/smtpd[11110]: < workstation[192.168.X.X]: AUTH PLAIN encoded_username_and_password

    Nov 20 13:27:45 testserver postfix/smtpd[11110]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response encoded_username_and_password

    Nov 20 13:27:45 testserver postfix/smtpd[11110]: smtpd_sasl_authenticate: decoded initial response wcooley

    Nov 20 13:27:46 testserver smtpd[11110]: warning: workstation[192.168.X.X]: SASL PLAIN authentication failed

    Nov 20 13:27:46 testserver smtpd[11110]: > workstation[192.168.X.X]: 535 Error: authentication failed

    So, can anyone give me a clue as to what's going wrong?

    Wil

    -- 
    W. Reilly Cooley                           wcooleynakedape.cc
    Naked Ape Consulting                        http://nakedape.cc
    irc.linux.com                             #orlug,#pdxlug,#lnxs
    

    A prohibitionist is the sort of man one wouldn't care to drink with -- even if he drank. -- H.L. Mencken

    _______________________________________________ Pam-list mailing list Pam-listredhat.com https://listman.redhat.com/mailman/listinfo/pam-list
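
Added example, not part of the original post: the payload that appears after `AUTH PLAIN` and `init_response` in Postfix debug logs like those above is only the base64 form of the SASL PLAIN message (authzid NUL authcid NUL password), so it has to be stripped before logs are shared. The sketch below redacts it while keeping the username; the sample credentials and the function names `decode_plain` and `redact_line` are constructed for illustration.

```python
import base64
import binascii
import re

# Matches the two places Postfix debug logging shows the client's initial
# response, as seen in the log excerpt above.
_PAYLOAD = re.compile(r"(AUTH PLAIN |sasl_method PLAIN, init_response )(\S+)")


def decode_plain(b64):
    """Split a SASL PLAIN initial response (RFC 4616) into its three fields.

    The message is authzid NUL authcid NUL passwd, base64-encoded for SMTP.
    Returns (authzid, authcid, passwd), or None if the payload is malformed.
    """
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1]:
        return None
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None


def redact_line(line):
    """Replace the base64 payload with a marker that keeps only the username."""
    def _sub(m):
        fields = decode_plain(m.group(2))
        if fields is None:
            return m.group(1) + "[REDACTED undecodable]"
        return m.group(1) + "[REDACTED user=%s]" % fields[1]
    return _PAYLOAD.sub(_sub, line)


# Constructed sample: user "alice", password "s3cret" (not from the original post).
SAMPLE_B64 = base64.b64encode(b"\0alice\0s3cret").decode("ascii")
SAMPLE_LOG = [
    "Nov 20 13:27:45 testserver postfix/smtpd[11110]: < workstation[192.168.X.X]: AUTH PLAIN " + SAMPLE_B64,
    "Nov 20 13:27:45 testserver postfix/smtpd[11110]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response " + SAMPLE_B64,
    "Nov 20 13:27:46 testserver smtpd[11110]: warning: workstation[192.168.X.X]: SASL PLAIN authentication failed",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry))
```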