Postfix not trying authdaemond SASL for CRAM-MD5

From: Alexander Burke (postfixalexburke.ca)
Date: Thu Dec 14 2006 - 11:09:58 CST


Hello, list!

I've configured Postfix with Cyrus-SASL, Cyrus-IMAP, and MySQL. CRAM-MD5
authentication is not being attempted against the database, even though
it stores both plaintext and md5 passwords:

Dec 14 11:35:36 centos4 postfix/smtpd[19759]: warning: SASL
authentication failure: no secret in database
Dec 14 11:35:36 centos4 postfix/smtpd[19759]: warning: client[1.2.3.4]:
SASL CRAM-MD5 authentication failed
Dec 14 11:35:36 centos4 authdaemond: received auth request,
service=smtp, authtype=login
Dec 14 11:35:36 centos4 authdaemond: authmysql: trying this module
Dec 14 11:35:36 centos4 authdaemond: SQL query: SELECT id, crypt, pw,
uid, gid, home, maildir, "", gecos, "" FROM passwd WHERE id =
"userdomain.tld" AND (en='1')
Dec 14 11:35:36 centos4 authdaemond: supplied password does not match
encrypted password
Dec 14 11:35:36 centos4 authdaemond: authmysql: REJECT - try next module
Dec 14 11:35:36 centos4 authdaemond: FAIL, all modules rejected
Dec 14 11:35:36 centos4 postfix/smtpd[19759]: warning: SASL
authentication failure: Password verification failed
Dec 14 11:35:36 centos4 postfix/smtpd[19759]: warning: client[1.2.3.4]:
SASL PLAIN authentication failed
Dec 14 11:35:36 centos4 authdaemond: received auth request,
service=smtp, authtype=login
Dec 14 11:35:36 centos4 authdaemond: authmysql: trying this module
Dec 14 11:35:36 centos4 authdaemond: SQL query: SELECT id, crypt, pw,
uid, gid, home, maildir, "", gecos, "" FROM passwd WHERE id =
"userdomain.tld" AND (en='1')
Dec 14 11:35:36 centos4 authdaemond: supplied password does not match
encrypted password
Dec 14 11:35:36 centos4 authdaemond: authmysql: REJECT - try next module
Dec 14 11:35:36 centos4 authdaemond: FAIL, all modules rejected
Dec 14 11:35:36 centos4 postfix/smtpd[19759]: warning: client[1.2.3.4]:
SASL LOGIN authentication failed

Here are the contents of my /usr/lib/sasl2/smtpd.conf:

pwcheck_method: authdaemond
log_level: 4
mech_list: plain login cram-md5 digest-md5
authdaemond_path: /var/spool/authdaemon/socket

In /etc/authlib/authmysqlrc, I've declared both MYSQL_CRYPT_PWFIELD and
MYSQL_CLEAR_PWFIELD. Here are the SASL bits in main.cf:

smtpd_client_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
server_enabled = 1

Can anyone point me in the right direction to get CRAM-MD5 working off
the MySQL backend along with the rest of the auth methods?

Thanks in advance,
Alex

--
Alexander Burke, A+, CCNA
Hardware hacker and all-around technogeek
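
Added example, not part of the original post: CRAM-MD5 (RFC 2195) has the server recompute HMAC-MD5 over its own challenge using the shared secret, so a verifier that holds only a one-way hash of the password cannot check the response. The account name, password, nonce and function names below are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_challenge(nonce: str, host: str) -> bytes:
    """Server side: build the RFC 2195 challenge, base64-encoded for the 334 reply."""
    return base64.b64encode(f"<{nonce}@{host}>".encode())


def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client side: answer with base64("user " + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(stored_secret: bytes, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server side: recompute the HMAC with whatever secret the backend returned."""
    challenge = base64.b64decode(challenge_b64)
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def demo():
    """Run one exchange against a cleartext secret and against an MD5 hash of it."""
    user, password = "alice@example.test", "correct horse"  # constructed sample values
    challenge = make_challenge("12345.1166116536", "mail.example.test")
    response = client_response(user, password, challenge)

    # Backend that can hand the verifier the cleartext password.
    ok_with_cleartext = server_verify(password.encode(), challenge, response)

    # Backend that can only supply a one-way hash of the password.
    hashed = hashlib.md5(password.encode()).hexdigest().encode()
    ok_with_hash_only = server_verify(hashed, challenge, response)
    return ok_with_cleartext, ok_with_hash_only


if __name__ == "__main__":
    clear_ok, hash_ok = demo()
    print("verifier with cleartext secret:", clear_ok)
    print("verifier with hashed secret only:", hash_ok)
```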