OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Tue Dec 11 2001 - 12:23:48 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On 11 December 2001, Craig Skinner <craig_skinnerlinuxmail.org> wrote:
    > Hi there all,
    >
    > I dunno if this is due to cyrus/sasl/postfix.
    >
    > cyrus 2.0.16
    > sasl 1.5.24
    > postfix 20010228-pl08
    > all from source in /usr/local on Linux.
    >
    > When using imtest (cyrus),
    > imtest -a admin -m plain localhost >> fails (generic
    > failure)

        Yes, you probably have shadow passwords, and imtest can't access the
    shadow file. That's ok, you probably don't want plain anyway.

    > auth=cram-md5 & digest-md5
    >
    > imtest -a admin -m cram-md5|digest-md5|login localhost
    > >> ok
    >
    >
    > but......
    >
    > telnet localhost smtp
    > 220 aberdeen.chstech.co.uk ESMTP Postfix
    > ehlo localhost
    > ..
    > 250-AUTH LOGIN PLAIN
    > 250-AUTH=LOGIN PLAIN
    > ..
    >
    > no mention of cram or digest!

        Postfix uses whatever mechanisms SASL says it can handle.

    > postconf -n | grep sasl
    > broken_sasl_auth_clients = yes
    > lmtp_sasl_auth_enable = yes
    > smtp_sasl_auth_enable = yes
    > smtp_sasl_security_options =
    > noplaintext,noanonymous,noactive,nodictionary
                              ^^^^^^^^^^^^^^^^^^^^^

        Like I said before, lose those. They are only useful with Kerberos.

    > smtpd_sasl_auth_enable = yes
    >
    > sasldblistusers
    > user: admin realm: aberdeen.chstech.co.uk mech: DIGEST-MD5
    > user: cyrus realm: aberdeen.chstech.co.uk mech: PLAIN
    > user: cyrus realm: aberdeen.chstech.co.uk mech: CRAM-MD5
    > user: admin realm: aberdeen.chstech.co.uk mech: PLAIN
    > user: admin realm: aberdeen.chstech.co.uk mech: CRAM-MD5
    > user: cyrus realm: aberdeen.chstech.co.uk mech: DIGEST-MD5
    >
    > Here we have plain, digest & cram.
    >
    > Is this out of whack or what??
    >
    > Any ideas?

        Perhaps Postfix has a different idea about the realm it should check
    passwords into than SASL? Try setting

            smtpd_sasl_local_domain = aberdeen.chstech.co.uk

        Also make sure Postfix can read /etc/sasldb (warning: Postfix
    doesn't use supplementary groups, so adding it to the Cyrus' group won't
    work).

        Regards,

        Liviu Daia 

    -- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users