From: AlxFrag (alxfrag gmail.com)
Date: Wed Jan 09 2008 - 02:18:09 CST
mouss wrote:
> AlxFrag wrote:
>> mouss wrote:
>>> AlxFrag wrote:
>>>> hi,
>>>>
>>>> i'm trying to use cyrus sasl with postfix. but i get the error:
>>>> "SASL authentication failure: cannot connect to Courier
>>>> authdaemond: Permission denied".
>>>>
>>>> postconf -n shows:
>>>>
>>>> alias_maps = hash:/etc/postfix/aliases
>>>> broken_sasl_auth_clients = yes
>>>> command_directory = /usr/sbin
>>>> config_directory = /etc/postfix
>>>> daemon_directory = /usr/libexec/postfix
>>>> debug_peer_level = 2
>>>> html_directory = no
>>>> local_recipient_maps = ldap:/etc/postfix/local_recipients.cf
>>>> mail_owner = postfix
>>>> mailq_path = /usr/bin/mailq
>>>> manpage_directory = /usr/local/man
>>>> message_size_limit = 20480000
>>>> mydestination =
>>>> mydomain = soc.uoc.gr
>>>> mynetworks = 127.0.0.1, my_other_ips
>>>> newaliases_path = /usr/bin/newaliases
>>>> queue_directory = /var/spool/postfix
>>>> readme_directory = no
>>>> recipient_delimiter = +
>>>> sample_directory = /etc/postfix
>>>> sendmail_path = /usr/sbin/sendmail
>>>> setgid_group = postdrop
>>>> smtpd_recipient_restrictions =
>>>> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>>>> smtpd_sasl_auth_enable = yes
>>>> smtpd_sasl_local_domain =
>>>> smtpd_sasl_path = smtpd
>>>> smtpd_sender_restrictions = check_sender_access
>>>> hash:/etc/postfix/block_senders
>>>> unknown_local_recipient_reject_code = 550
>>>> virtual_alias_maps = hash:/etc/postfix/alias_domains
>>>> virtual_gid_maps = ldap:/etc/postfix/virtual_gid.cf
>>>> virtual_mailbox_base = /
>>>> virtual_mailbox_domains = my_virtual_domain
>>>> virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailbox_maps.cf
>>>> virtual_minimum_uid = 100
>>>> virtual_uid_maps = ldap:/etc/postfix/virtual_uid.cf
>>>>
>>>> **********************************************
>>>> in smtpd.conf:
>>>>
>>>> pwcheck_method: authdaemond
>>>> mech_list: PLAIN LOGIN
>>>> authdaemond_path: /usr/local/var/spool/authdaemon/socket
>>>>
>>>> ls -l /usr/local/var/spool/authdaemon/socket shows:
>>>>
>>>> srwxrwxrwx 1 root root 0 2008-01-08 13:15
>>>>
>>>> Any ideas?
>>>
>>> try:
>>>
>>> # su someuser
>>> % ls -l /usr/local/var/spool/authdaemon/socket
>>>
>>>
>> i tried:
>> #su courier
>> ls -l /usr/local/var/spool/authdaemon/socket
>> ls: cannot access /usr/local/var/spool/authdaemon/socket: Permission
>> denied
>
> I hope you now understand that the socket is not accessible to regular
> users.
>
> for a user to access a file, he must be able to visit all parent
> directories. ls -l /usr/local/var/spool/authdaemon will tell you.
>
>>
>> The pop/imap server runs under the user "courier" and authentication
>> works fine. Permission is for some reason denied to postfix only.
>
> This is not true since your 'ls -l' command above proved that the
> courier user cannot access the socket.
>
> if courier is suid, it can access any file.
The solution to this problem was:

chmod o+x /usr/local/var/spool/authdaemon

Thanks
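The rule from the thread, that every parent directory of the socket must be searchable, as an added example that is not part of the original messages: a shell function that walks the directories above a path and prints the first one where "other" lacks the x bit. It checks only the "other" permission class, which assumes the connecting process is neither the owner nor in the group of those directories; the function name is made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks only the "other" permission
# class; assumption: the connecting daemon is neither owner nor group member.

# Print the first directory above $1 that lacks search (x) for "other".
# Returns 0 if one is found, 1 if none is, 2 on error.
first_blocked_for_other() {
    case $1 in
        /*) ;;
        *) echo "absolute path required" >&2; return 2 ;;
    esac
    rest=$(dirname "$1"); rest=${rest#/}
    cur=/
    while :; do
        # -L follows symlinks so the real directory's mode is inspected.
        line=$(ls -ldL "$cur" 2>/dev/null) || {
            echo "cannot stat $cur" >&2; return 2; }
        # Character 10 of the mode string is the execute/search bit for other.
        case $(printf '%s\n' "$line" | cut -c10) in
            x|t) ;;                      # searchable (t = sticky + x)
            *) printf '%s\n' "$cur"; return 0 ;;
        esac
        [ -z "$rest" ] && return 1
        comp=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *) rest= ;;
        esac
        [ -n "$comp" ] || continue       # skip empty component from "//"
        cur=${cur%/}/$comp
    done
}

# Run against a path given on the command line, e.g. the authdaemond socket.
if [ "$#" -gt 0 ]; then
    if d=$(first_blocked_for_other "$1"); then
        echo "other lacks search (x) on: $d"
    fi
fi
```

Run it as root (or as the directory owner) so that every directory on the way can be inspected; a world-writable socket, as in the `ls -l` output above, is still unreachable when the function reports a directory.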