Re: SMTP-AUTH with crypt passwords in SQL backend

From: kj (koffiejunkielistlurkerkoffiejunkie.za.net)
Date: Tue Aug 05 2008 - 19:54:41 CDT


Juan Miscaro wrote:
> Hi everybody,
>
> I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
> in a SQL backend for a while now. I am trying to switch over from
> cleartext to crypt in terms of my passwords stored in MySQL. I have
> things running for IMAP with crypt. For SMTP-AUTH I am using the same
> SQL table and password. I thought all I would need to do is edit my
> smtpd.conf file (point to the encrypted table column and specify crypt
> as password format) but I'm getting
>
> postfix/smtpd[6085]: warning: SASL authentication failure: Password
> verification failed
> postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
> authentication failed: authentication failure
> postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
> authentication failed: authentication failure

I'm using libsasl2 in Debian Etch (not sure if this is Cyrus or not,
none of the included documents specify) but either way, I use sasl with
pam and pam with mysql.

~# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

# cat /etc/pam.d/smtp
auth required pam_mysql.so user=postfix passwd=YOURPASS host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
account sufficient pam_mysql.so user=postfix passwd=YOURPASS host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1

One other gotcha is that if you're running Postfix in a chroot, you have
to make sasl put its socket in the Postfix chroot, otherwise it won't work.

From /etc/defaults/saslauthd:

# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian

Hope this helps!

--kj
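
An added example, not part of the original post: a small shell check for the chroot gotcha described above. It reads the -m directory from a saslauthd defaults file and the chroot column of the smtpd service in a Postfix master.cf, then reports whether the socket directory lies inside the queue directory. The function names, the OPTIONS= line format and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the directory passed to saslauthd's -m flag in an OPTIONS="..." line.
saslauthd_run_dir() {   # $1 = saslauthd defaults file
    sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1 |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-m") { print $(i + 1); exit } }'
}

# Print the chroot column (5th field) of the smtpd inet service in master.cf.
smtpd_chroot_flag() {   # $1 = master.cf
    awk '$1 !~ /^#/ && $2 == "inet" && $8 == "smtpd" { print $5; exit }' "$1"
}

# Returns 0 = socket dir reachable, 1 = hidden by the chroot, 2 = no -m option.
# Assumption: a "-" chroot flag is treated as chrooted (the conservative case).
# Being inside the chroot is necessary; the path under it must still match
# the location the SASL library looks in.
check_sasl_socket() {   # $1 = defaults file, $2 = master.cf, $3 = queue dir
    run_dir=$(saslauthd_run_dir "$1")
    [ -n "$run_dir" ] || { echo "no -m option found in $1"; return 2; }
    flag=$(smtpd_chroot_flag "$2")
    if [ "$flag" = "n" ]; then
        echo "smtpd is not chrooted; $run_dir is used as-is"
        return 0
    fi
    case "$run_dir/" in
        "${3%/}"/*) echo "ok: $run_dir is inside chroot $3"; return 0 ;;
        *)          echo "problem: $run_dir is outside chroot $3"; return 1 ;;
    esac
}

# Constructed sample files for a stand-alone run.
demo=$(mktemp -d)
printf 'START=yes\nOPTIONS="-c -m /var/run/saslauthd"\n' > "$demo/bad"
printf 'START=yes\nOPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"\n' > "$demo/good"
printf '# service type private unpriv chroot wakeup maxproc command\n' > "$demo/master.cf"
printf 'smtp inet n - y - - smtpd\n' >> "$demo/master.cf"
check_sasl_socket "$demo/bad"  "$demo/master.cf" /var/spool/postfix || true
check_sasl_socket "$demo/good" "$demo/master.cf" /var/spool/postfix || true
```

On a real host, pass the actual defaults file, master.cf and the value of `postconf -h queue_directory` as the three arguments.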