Re: postfix with SASL over PAM
Hi Jose,
Maybe your smtpd (smtp/smtps) is chrooted? Check your master.cf for
this. And for shadow auth you probably also have to add postfix to the
shadow group..
Hope this helps :)
Regards,
-Rodi
On Fri, 2003-08-29 at 00:19, Jose Alberto Guzman wrote:
> I'm trying to get posfix authenticate (for relaying purposes) users
> with SASL via PAM on woody.
>
> I've installed posftix, posftix-tls, libsasl and it´s modules.
>
> Following the READMEs, I can see that postfix does support SASL auth
> LOGIN and PLAIN mechanisms:
>
> 220 mybox.over.here ESMTP Postfix (Debian/GNU)
> EHLO localhost
> 250-mybox.over.here
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
> 250-XVERP
> 250 8BITMIME
>
> But when I try to authenticate with plain (base64 encoded:
> 'user\0user\0password'), posfix complains with :
>
>
> postfix/smtpd[2134]: connect from localhost[127.0.0.1]
> postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf
> postfix/smtpd[2134]: PAM pam_start: failed to initialize handlers
> postfix/smtpd[2134]: warning: localhost[127.0.0.1]: SASL PLAIN
> authentication failed
>
> I've added the following lines to my working postfix's main.cf:
>
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions = check_relay_domains permit_mynetworks
> permit_sasl_authenticated
>
> And /etc/pam.d/smtp looks like:
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_unix.so
> auth required pam_env.so
> account required pam_unix.so
> session required pam_unix.so
> session required pam_limits.so
>
>
> To be on the safe side, I also added the following lines to /etc/pam.conf
>
> smtp auth required pam_nologin.so
> smtp auth required pam_unix.so
> smtp auth required pam_env.so
> smtp account required pam_unix.so
> smtp session required pam_unix.so
> smtp session required pam_limits.so
>
> Both pam files are world readable.
>
> Also, the file /etc/postfix/sasl/smtpd.conf contains:
>
> pwcheck_method: pam
>
> and it's perms are: 0644
>
> With sasl over shadow, it just warns: SASL PLAIN authentication failed.
>
> Has anyone managed to get woody's postfix to authenticate with sasl
> over pam?
>
>
>
> Thanks in advance
>
>
> José
--
Met vriendelijke groet / Kind regards,
Rodi Evers (revers@hbh-it.nl)
HBH Automatisering B.V.
Koningslaan 30,
1075 AD Amsterdam,
The Netherlands.
Phone : +31 20 662 41 45
Fax : +31 20 676 44 78
----------------------------------------------------------------------
----------------------------------------------------------------------
De informatie verzonden met dit e-mail bericht is uitsluitend bestemd
voor de geadresseerde. Gebruik van deze informatie door anderen dan
de geadresseerde is verboden. Openbaarmaking, vermenigvuldiging,
verspreiding en/of verstrekking van deze informatie aan derden is niet
toegestaan. Horlings, Brouwer & Horlings staat niet in voor de juiste
en volledige overbrenging van de inhoud van een verzonden e-mail, noch
voor tijdige ontvangst daarvan.
Website: http://www.hbh-it.nl/
----------------------------------------------------------------------
----------------------------------------------------------------------
The information contained in this communication is confidential and
may be legally privileged. It is intented solely for the use of the
individual orentity to whom it is addressed and others authorised to
receive it. If you are not the intended recipient you are hereby
notified that any disclosure, copying, distribution or taking any
action in reliance on the contents of this information is strictly
prohibited and may be unlawful. Horlings, Brouwer & Horlings is
neither liable for the proper and complete transmission of the
information contained in this communication nor for any delay in its
receipt.
Website: http://www.hbh-it.nl/
----------------------------------------------------------------------
----------------------------------------------------------------------
Reply to: