Advice on SASL setup requested

From: Franco Gasperino (francogasperino.org)
Date: Fri Apr 01 2005 - 20:10:51 CST


  Currently I'm testing a setup using Postfix 2.2.x + sasl 2.1.19 + pam 0.76
(pam_pgsql 5.2) + postgresql 7.4.x.

  I'm able to debug this a little, and after a bit of testing it appears that
somewhere in the SASL libraries it drops/converts the Postfix AUTH login from
a full address (user@domain.com) to a domain/realm-less username (user). This
is using the saslauthd daemon. Using testsaslauthd seems to pass the full
address, user and realm, just fine. However, I've read that testsaslauthd
does not use the same underlying mechanisms.

  I've seen examples of auxprop in the SASL_README and other places, but don't
know the pros/cons of this method compared to saslauthd.

  To anyone else who has experienced this issue, what workaround(s) have you
found to be successful? A general direction anyone can point me at would be
helpful.
    
-----

Apr 1 17:52:46 server postfix/smtpd[4548]: warning: 10.0.100.4: hostname
station-3.home.gasperino.org verification failed: Name or service not known
Apr 1 17:52:46 server postfix/smtpd[4548]: connect from unknown[10.0.100.4]
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostname: unknown ~?
127.0.0.1/32
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostaddr: 10.0.100.4 ~?
127.0.0.1/32
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostname: unknown ~?
10.0.100.0/24
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostaddr: 10.0.100.4 ~?
10.0.100.0/24
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 220
mail.gasperino.org ESMTP Postfix (Debian/GNU)
Apr 1 17:52:46 server postfix/smtpd[4548]: watchdog_pat: 0x8072090
Apr 1 17:52:46 server postfix/smtpd[4548]: < unknown[10.0.100.4]: EHLO
station-3.home.gasperino.org
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]:
250-mail.gasperino.org
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]:
250-PIPELINING
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 250-SIZE
20480000
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 250-ETRN
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 250-AUTH
LOGIN PLAIN
Apr 1 17:52:46 server postfix/smtpd[4548]: match_list_match: unknown: no
match
Apr 1 17:52:46 server postfix/smtpd[4548]: match_list_match: 10.0.100.4: no
match
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]:
250-AUTH=LOGIN PLAIN
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 250
8BITMIME
Apr 1 17:52:46 server postfix/smtpd[4548]: watchdog_pat: 0x8072090
Apr 1 17:52:46 server postfix/smtpd[4548]: < unknown[10.0.100.4]: AUTH PLAIN
Apr 1 17:52:46 server postfix/smtpd[4548]: smtpd_sasl_authenticate:
sasl_method PLAIN
Apr 1 17:52:46 server postfix/smtpd[4548]: smtpd_sasl_authenticate: uncoded
challenge:
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 334
Apr 1 17:52:46 server postfix/smtpd[4548]: < unknown[10.0.100.4]:
ZnJhbmNvQGdhc3Blcmluby5vcmcAZnJhbmNvQGdhc3Blcmluby5vcmcAZnVja2hheDBycw==
Apr 1 17:52:46 server postfix/smtpd[4548]: smtpd_sasl_authenticate: decoded
response: francogasperino.org
Apr 1 17:52:46 server postgres[4549]: [1-1] LOG: connection received:
host=127.0.0.1 port=33468
Apr 1 17:52:46 server postgres[4549]: [2-1] LOG: connection authorized:
user=mail database=mail
Apr 1 17:52:46 server postgres[4549]: [3-1] LOG: statement: SELECT password
FROM mailboxes WHERE address='franco'
Apr 1 17:52:46 server postfix/smtpd[4548]: warning: SASL authentication
failure: Password verification failed
Apr 1 17:52:46 server postfix/smtpd[4548]: warning: unknown[10.0.100.4]: SASL
PLAIN authentication failed
Apr 1 17:52:46 server postfix/smtpd[4548]: > unknown[10.0.100.4]: 535 Error:
authentication failed
Apr 1 17:52:46 server postfix/smtpd[4548]: watchdog_pat: 0x8072090
Apr 1 17:52:46 server postfix/smtpd[4548]: smtp_get: EOF
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostname: unknown ~?
127.0.0.1/32
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostaddr: 10.0.100.4 ~?
127.0.0.1/32
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostname: unknown ~?
10.0.100.0/24
Apr 1 17:52:46 server postfix/smtpd[4548]: match_hostaddr: 10.0.100.4 ~?
10.0.100.0/24
Apr 1 17:52:46 server postfix/smtpd[4548]: lost connection after AUTH from
unknown[10.0.100.4]
Apr 1 17:52:46 server postfix/smtpd[4548]: disconnect from
unknown[10.0.100.4]

--

Franco
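
Added example (not part of the original post): a small check that re-joins mail-wrapped syslog lines like those above and pairs each identity smtpd decoded with the address the following SQL lookup used, flagging logins where the realm was dropped in between. It assumes the log layout shown in the post (verbose smtpd plus PostgreSQL statement logging) and a quiet test host where the lookup directly follows the AUTH; the function names and the example.org sample lines are constructed for illustration.

```python
import re

# Syslog timestamp at line start; anything else is a wrapped continuation.
TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
DECODED = re.compile(r"postfix/smtpd\[\d+\]: smtpd_sasl_authenticate: decoded response: (\S+)")
LOOKUP = re.compile(r"postgres\[\d+\]: .*WHERE address='([^']*)'")

def unwrap(lines):
    """Re-join log records that a mail client wrapped across lines."""
    out = []
    for line in lines:
        if TS.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def find_realm_stripping(lines):
    """Return (sent, looked_up) pairs where the client sent user@realm
    but the password lookup that followed used only the user part."""
    findings, pending = [], None
    for line in unwrap(lines):
        m = DECODED.search(line)
        if m:
            pending = m.group(1)      # identity as smtpd decoded it
            continue
        m = LOOKUP.search(line)
        if m and pending is not None:
            user, sep, realm = pending.partition("@")
            if sep and realm and m.group(1) == user:
                findings.append((pending, m.group(1)))
            pending = None            # each lookup pairs with one AUTH
    return findings

# Constructed sample lines (placeholder addresses), wrapped like the post's log.
SAMPLE_LOG = """\
Apr 1 17:52:46 server postfix/smtpd[4548]: smtpd_sasl_authenticate: decoded
response: alice@example.org
Apr 1 17:52:46 server postgres[4549]: [3-1] LOG: statement: SELECT password
FROM mailboxes WHERE address='alice'
Apr 1 17:53:10 server postfix/smtpd[4550]: smtpd_sasl_authenticate: decoded
response: bob@example.org
Apr 1 17:53:10 server postgres[4551]: [3-1] LOG: statement: SELECT password
FROM mailboxes WHERE address='bob@example.org'
""".splitlines()

if __name__ == "__main__":
    for sent, looked_up in find_realm_stripping(SAMPLE_LOG):
        print(f"realm dropped: client sent {sent!r}, backend looked up {looked_up!r}")
```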