[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian sarge + sendmail + sasl2 + auth login problem



On Fri, 10 Jun 2005, Tim Warnock wrote:

Ive installed the new version of sendmail then sasl2-bin and
libsasl2-modules. Sasl and libsasl and all associated modules
(libsasl-modules-plain?) were already installed.

Good, you're pretty much there

Saslauthd is starting fine after editing /etc/default/saslauthd and its
set to use pam as a mechanism.

Good

Unfortunately, there is no automagic way to migrate to /etc/sasldb2 :(

That bites...  if you do `sasldblistusers`, you'll probably find lots
of users, but `sasldblistusers2` will likely have no entries :(

The SASL folks didn't provide a tool to automagically migrate sasldb - ok, actually they did; if you used gdbm, but Debian didn't... So, you
need to make sure PAM is actually used for the plaintext authentication.

250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Ok, at least 90% there...

If anyone can see anything I missed or need to add I'd appreciate the
help.

what is in /etc/mail/sasl/Sendmail.conf.2 ?

I have the following:
	auto_transition: true
	pwcheck_method: auxprop saslauthd
	auxprop_plugin: sasldb
	allowanonymouslogin: 0
	allowplaintext: 1
	mech_list: EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

That setup will allow SASL to convert and answer the encrypted
passwords, and fall-back to PAM for plain/login.

--
Rick Nelson
<Midgar> From all the sterotypes about Aussies, I figure you guys are
         really tough.
<Midgar> ;p
<krusto> we'll throw koala's at you



Reply to: