NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2003-12

I Broke SASL/SMTP Auth

From: Lukreme (kremelskreme.com)
Date: Mon Dec 01 2003 - 14:58:41 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FreeBSD 5.1, postfix 2.0.16. cyrus-sasl-2.1.15

% ldd `postconf -h daemon_directory`/smtpd
/usr/local/libexec/postfix/smtpd:
         libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x2809b000)
         libssl.so.3 => /usr/lib/libssl.so.3 (0x280af000)
         libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x280e0000)
         libmysqlclient.so.10 =>
/usr/local/lib/mysql/libmysqlclient.so.10 (0x281eb000)
         libz.so.2 => /usr/lib/libz.so.2 (0x28209000)
         libm.so.2 => /usr/lib/libm.so.2 (0x28217000)
         libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x28234000)
         libc.so.5 => /usr/lib/libc.so.5 (0x2823f000)
         libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28317000)

% cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb

% cat /usr/local/etc/pam.d/smtp
         auth sufficient pam_ldap.so
         auth required pam_unix.so use_first_pass
         account sufficient pam_ldap.so
         account required pam_unix.so use_first_pass
         password sufficient pam_ldap.so
         password required pam_unix.so use_first_pass
         session required pam_unix.so

I don't currently have SASL enabled in postfix because:

% sasldblistusers2
can't getkeyhandle
listusers failed

# tail /var/log/auth.log
Dec 1 13:54:05 saslauthd[95246]: server_exit : master exited: 95246
Dec 1 13:54:39 saslauthd[16059]: detach_tty : master pid is: 16059
Dec 1 13:54:39 saslauthd[16059]: ipc_init : listening on
socket: /var/state/saslauthd/mux
Dec 1 13:54:43 sasldblistusers2: Could not open db

and, when I still had it enabled, i was getting:

postfix/smtpd[81549]: warning: x.client.comcast.net[24.9.x.x]: SASL
CRAM-MD5 authentication failed
postfix/smtpd[81549]: warning: SASL authentication failure: Could not
open db
postfix/smtpd[81549]: warning: SASL authentication failure: Could not
open db
postfix/smtpd[81549]: warning: SASL authentication failure: no secret
in database

however:

% ps auxww | grep sasl
root 95246 0.0 0.5 1324 632 ?? Is 1:16PM 0:00.00
saslauthd -a pam
root 95247 0.0 0.5 1324 632 ?? I 1:16PM 0:00.00
saslauthd -a pam
root 95248 0.0 0.5 1324 632 ?? I 1:16PM 0:00.00
saslauthd -a pam
root 95249 0.0 0.5 1324 632 ?? I 1:16PM 0:00.00
saslauthd -a pam
root 95250 0.0 0.5 1324 632 ?? I 1:16PM 0:00.00
saslauthd -a pam

I've been through all my past mails from when I did get this working,
and I thought I had everything configured correctly.

--
This is our music from the bachelor's den, the sound of loneliness
turned up to ten. A harsh soundtrack from a stagnant waterbed and it
sounds just like this. This is the sound of someone losing the plot,
making out that they're OK when they're not. You're gonna like it, but
not a lot. And the chorus goes like this...

application/pkcs7-signature attachment: smime.p7s

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]