Re: smtpd + sasl

Ali.Naddaftrilogy.com
Date: Thu Jul 22 2004 - 09:06:25 CDT


FYI, using "-r" with 2.1.19 worked. Thanks Patrick,
Ali.

Patrick Ben Koetter <pstate-of-mind.de>
Sent by: owner-postfix-userspostfix.org
07/19/2004 08:26 PM

 
        To: postfix-userspostfix.org
        cc:
        Subject: Re: smtpd + sasl

* Ali.Naddaftrilogy.com <Ali.Naddaftrilogy.com> [040720 03:13]:
> Patrick,
>
> Now that my original setup is working, I want to make a change to be
> able to handle same local names for different people across different
> virtual domains that I have.
>
> So far I have been just using the local names for users'
> authentication and after your help, I have been able to do that
> successfully. However, I know that soon I have to use more specific
> usernames, so I would like to use the complete email address (say
> ali@company.com) for SMTPD + SASL authentication (as username).
> Currently, the "uid" field in my ldap entries are being matched
> against the usernames, so I tried setting that to the full email
> address. If I set the "uid" in my ldap entry to the email address,
> (cyrus) IMAP works fine and authenticates but the smtpd
> authentication through SASL fails. Looking at the syslog, it seems to
> me that something is passing only the local name of the whole email
> address to my ldap server and doing a search based on that, ignoring
> the rest of the email address.

I haven't tried this yet, but you can give it a shot:
Update SASL to Cyrus-SASL.2.1.19 and start saslauthd with the '-r'
option. This will make saslauthd pass the REALM (the domainpart of your
mail address). Earlier versions strip it and sometimes don't. *sigh

The part I don't know is if smtpd will strip the REALM.

p@rick

> What step(s) do I need to take to make email addresses work for
> usernames as well? If this is a purely SASL question, and as a result
> this is not the right forum for this question, please let me know, and
> I apologize in advance if that is the case.
>
> Thanks,
> Ali.
>
> Patrick Ben Koetter <pstate-of-mind.de>
> Sent by: owner-postfix-userspostfix.org
> 07/17/2004 08:47 PM
>
>
> To: postfix-userspostfix.org
> cc:
> Subject: Re: smtpd + sasl
>
>
> * Ali.Naddaftrilogy.com <Ali.Naddaftrilogy.com> [040718 03:42]:
> > Patrick,
> > I added "smtpd_sasl_local_domain =" to my main.cf, removed all but
> > PLAIN from my smtpd.conf and reloaded
> > postfix but still the same result. I have one question: although my
> > smtpd.conf now looks like:
> > ---- /usr/lib/sasl2/smtpd.conf------------
> > pwcheck_method: saslauthd
> > mech_list: PLAIN
> > -----------------------------------------------------
> > still the response to "ehlo *****" when I telnet to port 25 includes a
> > lot more options:
> > 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> >
> > Is that because it sees all the above libraries and then reports them
> > or there is a different setting?
>
> Did I tell you to edit /usr/lib/sasl2/smtpd.conf? If yes, then I am
> awfully sorry. Debian has it different! I don't run Debian, but IIRC it
> must be /etc/postfix/sasl/smtpd.conf and not /usr/lib/sasl2/smtpd.conf.
>
> Give it a shot. If it doesn't work, read the README that comes with your
> Debian package. I was told it documents where smtpd.conf should be.
>
> p@rick
>
> > BTW, I am using only the local part for usernames.
>
> Very well. It should work real soon.
>
> --
> I take the freedom to ignore offlist messages. Open Source software
> requires open access to information that tells all of us how to run it.
> Don't deprive the community of that!
>
> SMTP AUTH HOWTO: <http://postfix.state-of-mind.de/patrick.koetter/>
>

--
I take the freedom to ignore offlist messages. Open Source software
requires open access to information that tells all of us how to run it.
Don't deprive the community of that!

SMTP AUTH HOWTO: <http://postfix.state-of-mind.de/patrick.koetter/>
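
A check for the mismatch described in this thread (smtpd.conf says "mech_list: PLAIN" but the EHLO reply still advertises more mechanisms, which means smtpd is not reading the file that was edited). This is an added example, not part of any poster's message; the function names are hypothetical and the sample EHLO reply is constructed around the AUTH line quoted above.

```python
import re

def parse_mech_list(conf_text):
    """Return the set of mechanisms from mech_list in a Cyrus SASL
    smtpd.conf, or None when the option is not set."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key.strip().lower() == "mech_list":
            return {m.upper() for m in value.split()}
    return None

def parse_ehlo_auth(ehlo_text):
    """Collect mechanisms from every AUTH line of an EHLO reply.
    Handles both 'AUTH m1 m2' and the legacy 'AUTH=m1 m2' form."""
    mechs = set()
    for line in ehlo_text.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def unexpected_mechs(conf_text, ehlo_text):
    """Mechanisms the server offers that mech_list does not allow.
    A non-empty result means the edited smtpd.conf is not the one in use
    (wrong path) or the daemon was not reloaded."""
    configured = parse_mech_list(conf_text)
    if configured is None:
        return []  # no restriction configured, nothing to compare against
    return sorted(parse_ehlo_auth(ehlo_text) - configured)

# smtpd.conf contents as quoted in the thread
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: PLAIN\n"

# Constructed EHLO reply; only the AUTH line comes from the thread
EHLO_REPLY = (
    "250-mail.example.com\n"
    "250-PIPELINING\n"
    "250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5\n"
    "250 8BITMIME\n"
)

if __name__ == "__main__":
    extra = unexpected_mechs(SMTPD_CONF, EHLO_REPLY)
    print("advertised but not in mech_list:", ", ".join(extra) or "none")
```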