Re: newbie confused about auth; changing subject a little.

From: Jay G. Scott (glarlut.utexas.edu)
Date: Thu Oct 01 2009 - 12:25:11 CDT


On Wed, Sep 30, 2009 at 11:39:12PM +0200, Patrick Ben Koetter wrote:
> * Jay G. Scott <glarlut.utexas.edu>:
> > okay, maybe i'm catching on.
> >
> > i set up the /etc/sasldb2 method of authentication.
> > that's doing .... so far .... what i want.
> >
> > 1. okay, i guess /etc/postfix/sasl_passwd is only for client
> > security? but why does the client need security? my /etc/postfix/sasl_passwd
>
> Clients need to identify themselves too if a remote server requires that.
>
> > file (and assoc .db) were nonsensical, yet i got authenticated,
> > encrypted email delivered to that machine, and read it w/ mutt.
> > what does /etc/postfix/sasl_passwd really do?
>
> /etc/postfix/sasl_passwd provides a mapping from servers the Postfix smtp
> client connects to and the username:passwords it should use when it
> authenticates with the remote SMTP server.
>
>
> > am i not really using it? should i remove those references in main.cf?
>
> If your Postfix smtp client does not need to authenticate, yes.
>
>
> > i guess /etc/sasldb2 is doing what i wanted. namely, i wanted
> > to make a list of all the users (and passwords) that i liked,
> > and let the mail server play nice with them, and not let
> > anyone else play.
>
> yep.
>
>
> > 2. did i just open holes in my security? is this a pretty reasonable
> > way to do what i want?
>
> Hard to tell without knowing the current config settings. Send an updated
> version of "postconf -n".

that was sent in my email prior, dated 30 sep, 417 lines.
also the saslfinger stuff is in there. ah, whoops. the smtpd.conf
changed, of course. here it is now:

# per koetter book.
log_level: 3
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
# auxiliary plugin parameters
auxprop_plugin: sasldb
#-------------------

and thank you, by the way.

>
>
> > 3. do i have extraneous stuff in my main.cf file now?
> > what do i need to delete?
>
> postconf -n ...
>
>
> > 4. i said "method of authentication" but that's sloppy, right,
> > i'm using auxprop(?) as the password-verification service?
>
> Nope. auxprop and password-verification service are two pairs of shoes (as we
> say in Germany...).
>
>
> > or saslauthd with an auxprop plugin? i know i'm using saslauthd,
> > i just want to know what the right term is, should i ever
> > need to tell someone what i'm doing.
>
> libsasl uses either an internal method or an external password authentication
> service. If it uses the internal method the (auxprop) plugin reads passwords
> from an authentication backend and compares that plaintext string to the
> password submitted from the mail client. With an external password
> authentication service it just asks the service: Is this password for this
> username valid and the password authentication service responds either "yes"
> or "no".
>
> HTH,

it does, thanks.

j.

>
> prick
>
> --
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitly required and
> justified.
>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

--
Jay Scott 512-835-3553 glarlut.utexas.edu
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div. S224
University of Texas at Austin
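A defender's check on the points raised in this thread (question 2, "did i just open holes", and question 3, the unused client-side sasl_passwd references), written as an added example that is not part of the original mail or of Postfix: it reads a constructed "postconf -n" dump (real Postfix parameter names, made-up values) and flags plaintext mechanisms offered without TLS and a smtp_sasl_password_maps entry that the smtp client will never use.

```shell
#!/bin/sh
# Added example: audits a "postconf -n" dump for the SMTP AUTH points raised
# in the thread. The dump is constructed; the parameter names are real.
SAMPLE_POSTCONF='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
# pc_get NAME: read postconf -n text on stdin, print the value of NAME
pc_get() {
    sed -n "s/^$1 = //p"
}
# audit_sasl CONFIG_TEXT: print one line per finding (nothing when clean)
audit_sasl() {
    conf=$1
    srv_auth=$(printf '%s\n' "$conf" | pc_get smtpd_sasl_auth_enable)
    secopts=$(printf '%s\n' "$conf" | pc_get smtpd_sasl_security_options)
    tls_only=$(printf '%s\n' "$conf" | pc_get smtpd_tls_auth_only)
    cli_auth=$(printf '%s\n' "$conf" | pc_get smtp_sasl_auth_enable)
    cli_maps=$(printf '%s\n' "$conf" | pc_get smtp_sasl_password_maps)
    # absent from postconf -n means the Postfix default (noanonymous) applies
    secopts=${secopts:-noanonymous}
    if [ "$srv_auth" = yes ]; then
        # server side: the mech_list in smtpd.conf (PLAIN LOGIN CRAM-MD5
        # DIGEST-MD5) is only as safe as these two settings make it
        case " $secopts " in
            *" noanonymous "*) ;;
            *) echo "smtpd_sasl_security_options lacks noanonymous" ;;
        esac
        if [ "$tls_only" != yes ]; then
            case " $secopts " in
                *" noplaintext "*) ;;
                *) echo "PLAIN/LOGIN offered on unencrypted connections:" \
                        "set smtpd_tls_auth_only = yes or add noplaintext" ;;
            esac
        fi
    fi
    # client side: sasl_passwd is only read when the smtp client itself
    # authenticates; otherwise it is the "extraneous stuff" of question 3
    if [ "$cli_auth" != yes ] && [ -n "$cli_maps" ]; then
        echo "smtp_sasl_password_maps set but smtp_sasl_auth_enable is not yes"
    fi
}
# audit_count CONFIG_TEXT: print the number of findings (0 when clean)
audit_count() {
    audit_sasl "$1" | grep -c . || true
}
audit_sasl "$SAMPLE_POSTCONF"
```

On a real host, feed it the live dump with: audit_sasl "$(postconf -n)".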