From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Wed Dec 12 2001 - 07:15:57 CST

    On 12 December 2001, Craig Skinner <craig_skinnerlinuxmail.org> wrote:
    > > Postfix uses whatever mechanisms SASL says it can handle. If
    > > SASL says it can handle plain, it means it has support for plain
    > > compiled in. It doesn't necessarily mean that actually trying to
    > > use plain will succeed.
    >
    > OK.
    >
    > If postfix is advertising PLAIN to clients, will they attempt to use
    > it & then because it will fail, then go into a loop?

        No. The authentication will fail. SMTP dialogue will continue as
    if no authentication was tried.

    > Would it be better to have the highest form of encryption stated first
    > in case a client just picks the first in a list?

        Postfix doesn't know (or care) about authentication mechanisms.
    Only SASL does.

    > (SASL configure here, I guess)

        I believe you can't change the order in which SASL advertises them.

    > Compare sample-auth.cf (find: HORROR!)
    >
    > I compiled SASL with
    > configure
    > --enable-java
    > --with-javabase=/usr/local/java

       Do you have a Java client that needs SASL binding? (Ok, this has
    nothing to do with Postfix).

    > --with-gnu-ld
    > --enable-login
    > --disable-krb4
    > --disable-gssapi
    > --with-OpenSSL
    > --with-des=/usr/local/ssl
    > --with-rc4=/usr/local/ssl
    > --enable-digest

        Looks ok to me.

    > plain is enabled by default in configure.
    >
    > Maybe I should recompile without plain and/or login.
    >
    >
    > >
    > > Are you running Postfix chrooted? If you are, you should copy
    > > /etc/sasldb (better yet, link it into) the jail.
    >
    >
    > No. I'll definitely try later on if I can get it to work out of a
    > jail now.

        Well, I've run out of ideas.

    [...]
    > How does postfix ask sasl what is available?

        sasl_listmech().

    > How can I confirm that postfix is actually speaking to sasl & not just
    > using some defaults/guessing?

        If it shows AUTH in the response to EHLO, it does.

        Regards,

        Liviu Daia

    -- 
    Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
    Institute of Mathematics     web page: http://www.imar.ro/~daia
    of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
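
The check described in the message above (AUTH appearing in the EHLO response, followed by the mechanisms SASL reported) can be automated. The following is an added example, not part of the original post or of Postfix: it parses a constructed EHLO reply, lists the advertised mechanisms in server order, and flags PLAIN and LOGIN. The hostname, sample reply and function names are assumptions made for illustration.

```python
import re

# Constructed sample EHLO reply (hostname and extension list are made up).
SAMPLE_EHLO_REPLY = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN DIGEST-MD5\r\n"
    "250-AUTH=PLAIN LOGIN DIGEST-MD5\r\n"  # legacy spelling for old clients
    "250 8BITMIME\r\n"
)
# Mechanisms named in the thread that put the password on the wire
# (base64 only) unless the session is protected by TLS.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into (code, {KEYWORD: [params]})."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    code, ext = None, {}
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or (code is not None and m.group(1) != code):
            raise ValueError("malformed reply line: %r" % line)
        code = m.group(1)
        # "-" marks a continuation line; only the final line uses a space.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server's greeting, not a keyword
        text = m.group(3)
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # fold the legacy form into AUTH
        parts = text.split()
        if parts:
            ext.setdefault(parts[0].upper(), []).extend(parts[1:])
    return int(code), ext


def auth_mechanisms(reply):
    """Mechanisms advertised after AUTH, de-duplicated, in server order."""
    code, ext = parse_ehlo(reply)
    mechs = []
    for mech in (ext.get("AUTH", []) if code == 250 else []):
        if mech.upper() not in mechs:
            mechs.append(mech.upper())
    return mechs


def cleartext_offered(reply):
    """Subset of advertised mechanisms that are cleartext-equivalent."""
    return [m for m in auth_mechanisms(reply) if m in CLEARTEXT_MECHS]
```

An empty result from `auth_mechanisms` means the server did not advertise AUTH at all, which by the reply above indicates Postfix is not offering SASL on that listener.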