Re: postfix smtp authentication
Finally I have solved the problem destroying the security :-)
To allow access to /etc/shadow file, now Postfix user ('postfix') runs as
member or shadow group, and that's all: now it runs ok.
So I want to know if anybody uses that configuration (postfix as shadow
groups, or /etc/shadow readable by everybody). After making a strace to the
master process (and searching in 10.000 lines), I observed that the pam
subsystem tried first to open directly /etc/shadow, it failed, and then it
tried to use unix_chkpwd(), that I have not discovered why not goes ok.
On Mar/04/2003, Serkan Hamarat wrote:
> Seems confs are okay. Look also authentication log files under
> /var/log/ . I hope it gives a clue. i remember that it must be
> log/auth.log or it writes in log/syslog file.
>
> Try to add an 'acct' line to your pam.d/smtp file :
> auth required pam_unix.so
> acct required pam_unix.so
>
> Finnaly; try to uninstall libsasl2 and libsasl2-modules-plain or
> something like version 2 sasl, if you use stable.
>
>
> Hector wrote:
> >
> > I want to use Postfix SMTP Authentication, but I have found some
> >problems to run it: it runs with sasldb, but I need other authentication
> >mechanisms, and I always obtained the same: "535 Error: authentication
> >failed".
> >
> > I have installed:
> > libsasl-digest
> > libsasl-gssapi
> > libsasl-module
> > libsasl2
> > libsasl2-modul
> > libsasl7
> > sasl-bin
> >
> > /etc/postfix/sasl/smtpd.conf contains "pwcheck_method: pam"
> > and /etc/postfix/master.cf (Postfix is NOT chrooted):
> > --------------------
> > # service type private unpriv chroot wakeup maxproc command + args
> > # (yes) (yes) (yes) (never) (100)
> > smtp inet n - n - - smtpd
> > -o smtpd_sasl_auth_enable=yes
> > --------------------
> >
> > in /etc/postfix/main.cf:
> > --------------------
> > smtpd_sasl_auth_enable = yes
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_local_domain = galway.csnet.es
> > smtpd_sasl_security_options = noanonymous
> > --------------------
> >
> > The problem is that in the log I can only see this:
> > --------------------
> > smtpd_sasl_authenticate: sasl_method plain, init_response
> >Y2VASDFSADFAGNlc19jSDAFKJSADFLKJdg=
> > Mar 4 09:41:53 titania postfix/smtpd[21035]: smtpd_sasl_authenticate:
> >decoded initial response xxx_xxxxx
> >Mar 4 09:41:55 titania smtpd[21035]: warning:
> >galway[1.1.1.1]: SASL plain authentication failed
> > --------------------
> >
> > If I tried to use sasldb I authenticate without problems. ¿Does
> >anybody know how is pam configured? I have in /etc/pam.d/smtp the next
> >lines:
> > --------------------
> > #%PAM-1.0
> > auth required pam_unix.so
> > --------------------
> >
> >
> >
> >
> >
> >
>
Reply to: