[OT] PAM problem (was: PAM 'smtp' file question)

From: Frank Gruellich (frankder-frank.org)
Date: Mon Nov 19 2007 - 17:29:39 CST


[Quoting fixed: please don't wrap command outputs]

* Michael Hallager <michaelnetworkstuff.co.nz> 15. Nov 07:
> > not sure if you need it, but, I'm using it:
> >
> > # cat smtp
> > #%PAM-1.0
> > auth required pam_mysql.so user=xxxxx passwd=yyyyy host=127.0.0.1 db=zzzzzz table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
> > account sufficient pam_mysql.so user=xxxxx passwd=yyyyy host=127.0.0.1 db=zzzzzz table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
> With the 2nd line it allows SMTP relaying even with an incorrect password.

sufficient means that access is granted immediately if that PAM returns
success; whether further modules succeed or not doesn't matter. In general
you want to have "account required" there. I don't know why Postfix (or
saslauthd) asks for auth and account; IMHO auth would be enough, but
maybe that is needed for other stuff besides smtp.

Given that, I don't think that this line is your problem. Removing the
account line makes saslauthd fall back to /etc/pam.d/other, so check the
same line there. It *really* should read

 account required pam_deny.so

or you should have a *very* good reason for everything else. And you
should read your logfiles, probably something like /var/log/secure.

HTH, kind regards,
 Frank.
--
Sigmentation fault
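The two points made in the reply above, what the `sufficient` and `required` control flags do to a PAM stack and how a service file without an `account` stack falls back to `/etc/pam.d/other`, can be illustrated with a small model of libpam's dispatch logic. The following is an added example, not code from the list post or from Linux-PAM itself: it encodes the poster's `smtp` file (module options dropped), a constructed permissive `other` file, and the `account required pam_deny.so` fallback that Frank recommends, and feeds in the outcome of `pam_mysql.so` as a boolean so it runs offline. The module names and the `FIXED`, `evaluate_stack`, `check` and `scenario` names are the example's own.

```python
# Toy evaluator for Linux-PAM control flags (required, requisite, sufficient,
# optional). Module outcomes are supplied as booleans; this models libpam's
# dispatch bookkeeping and is not libpam itself.

# A service file is: management group -> list of (control, module) rules.
# Modelled after the poster's /etc/pam.d/smtp, with module options omitted.
SMTP_SUFFICIENT = {
    "auth":    [("required",   "pam_mysql.so")],
    "account": [("sufficient", "pam_mysql.so")],
}
SMTP_REQUIRED = {                      # the "account required" variant
    "auth":    [("required", "pam_mysql.so")],
    "account": [("required", "pam_mysql.so")],
}
SMTP_NO_ACCOUNT = {                    # account line removed: libpam consults 'other'
    "auth":    [("required", "pam_mysql.so")],
}
OTHER_PERMISSIVE = {"account": [("required", "pam_permit.so")]}  # constructed weak fallback
OTHER_DENY       = {"account": [("required", "pam_deny.so")]}    # recommended fallback

# Modules with fixed outcomes; pam_mysql.so's outcome is passed in per scenario.
FIXED = {"pam_permit.so": True, "pam_deny.so": False}


def evaluate_stack(rules, outcomes):
    """Walk one management group's rules and return True if access is granted.

    'impression' mirrors libpam's bookkeeping: None = nothing decided yet,
    True = positive so far, False = a required/requisite module has failed.
    """
    impression = None
    for control, module in rules:
        ok = FIXED.get(module, outcomes.get(module, False))
        if control == "sufficient":
            # Success ends the stack at once, unless a required module already
            # failed; later modules are never consulted.
            if ok and impression is not False:
                return True
            continue                        # a failing sufficient module is ignored
        if control in ("required", "requisite"):
            if ok:
                if impression is None:
                    impression = True
            else:
                impression = False          # remembered; required keeps walking ...
                if control == "requisite":  # ... requisite stops right here
                    return False
        elif control == "optional":
            if ok and impression is None:
                impression = True
        else:
            raise ValueError(f"unknown control flag {control!r}")
    # A stack that never reached a decision (empty, or only failed sufficient
    # modules) is a denial in libpam.
    return impression is True


def check(service, group, pamd, outcomes):
    """Resolve service/group as libpam does: use the service's own stack when it
    defines that group, otherwise fall back to the 'other' service file."""
    rules = pamd.get(service, {}).get(group)
    if rules is None:
        rules = pamd.get("other", {}).get(group, [])
    return evaluate_stack(rules, outcomes)


def scenario(smtp_cfg, other_cfg, mysql_ok):
    """Return (auth granted, account granted) for one pair of files and one
    pam_mysql.so outcome."""
    pamd = {"smtp": smtp_cfg, "other": other_cfg}
    outcomes = {"pam_mysql.so": mysql_ok}
    return (check("smtp", "auth", pamd, outcomes),
            check("smtp", "account", pamd, outcomes))


if __name__ == "__main__":
    cases = [
        ("account sufficient, mysql rejects",  SMTP_SUFFICIENT, OTHER_DENY),
        ("account required,   mysql rejects",  SMTP_REQUIRED,   OTHER_DENY),
        ("no account line,    other permits",  SMTP_NO_ACCOUNT, OTHER_PERMISSIVE),
        ("no account line,    other denies",   SMTP_NO_ACCOUNT, OTHER_DENY),
    ]
    for name, smtp_cfg, other_cfg in cases:
        auth_ok, acct_ok = scenario(smtp_cfg, other_cfg, mysql_ok=False)
        print(f"{name}: auth={auth_ok} account={acct_ok}")
```

Run as a script, the third case is the one to look at: with no `account` stack in `smtp` and a permissive `other`, the account check passes no matter what `pam_mysql.so` said, which is why the reply says to check the same line in `/etc/pam.d/other`. The evaluator also shows the ordering rule behind "success or not of further modules doesn't matter": a `sufficient` module that succeeds before a `required` one short-circuits the stack, whereas the same `sufficient` line after a failed `required` module is ignored.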