
Re: SMTP authentication problem with PAM



Hi!

Thanks for the quick reply!
As far as I know I have configured saslauthd, that is, if /etc/default/saslauthd is its configuration file:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Kind regards
Philip Lundqvist

-----Original Message-----
From: Jeremiah Foster
Sent: Sunday, September 25, 2011 8:48 PM
To: Philip Lundqvist
Cc: Debian-user-swedish
Subject: Re: SMTP authentication problem with PAM

2011/9/25 Philip Lundqvist <philiplundqvist@gmail.com>:
Hi everyone!

For a little over a week I have been trying to get my own mail server
running here at home. I have, however, run into a small problem, namely
that authentication to the SMTP server does not work.

I am using Postfix with Courier IMAP/POP3 and virtual e-mail accounts that
are stored in a MySQL database.

This is an excerpt from /var/log/auth.log:
Sep 25 00:30:33 hostname saslauthd[3166]: PAM pam_parse: expecting return
value; [...sufficent]
Sep 25 00:30:33 hostname saslauthd[3166]: DEBUG: auth_pam: pam_acct_mgmt
failed: Permission denied
Sep 25 00:30:33 hostname saslauthd[3166]: do_auth         : auth failure:
[user=user@example.com] [service=smtp] [realm=example.com] [mech=pam]
[reason=PAM acct error]

But what is logging in your auth.log file is saslauthd. Has that been
configured? That is the missing glue that is causing your problems
right now.

Above I have replaced my hostname with “hostname” and the domain name with
“example.com”.

My /etc/pam.d/smtp looks as follows:
auth    required  pam_mysql.so user=mail_admin passwd=mail_admin_password
host=localhost db=mail table=mail.users usercolumn=email
passwdcolumn=password crypt=1
account sufficent pam_mysql.so user=mail_admin passwd=mail_admin_password
host=localhost db=mail table=mail.users usercolumn=email
passwdcolumn=password crypt=1

I have a slight hunch that the authentication problem may have something to
do with the first line in /var/log/auth.log. What raises my suspicion is
the connection between “account sufficent” and “expecting return value:
[...sufficent]”, as well as the fact that if I remove a letter from the
former, the corresponding change occurs in the log file.

Another thought is that PAM uses a different encryption algorithm than the
one used when I enter the password into the database with MySQL ENCRYPT().

Does anyone have any tips on where I can look for the solution to this
problem, or even how I can solve it?

Postfix / Courier uses SASL usually for authentication. Look at your
SASL configuration and I imagine you'll be a lot closer to solving
this problem.

Regards,

Jeremiah
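
The log line "PAM pam_parse: expecting return value; [...sufficent]" points at the control field of the account rule in /etc/pam.d/smtp, and that kind of mistake can be caught before saslauthd ever loads the file. The linter below is an added example, not part of the original messages; the name lint_pam and the sample rules (modelled on the posted file, arguments shortened) are assumptions made for illustration.

```python
import difflib
import re

MODULE_TYPES = {"auth", "account", "password", "session"}
# Keyword controls accepted in the second field of a Linux-PAM rule.
CONTROLS = ["required", "requisite", "sufficient", "optional", "include", "substack"]
# Actions allowed on the right-hand side of a [value=action ...] control.
ACTIONS = {"ignore", "bad", "die", "ok", "done", "reset"}
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S.*)$")

def lint_pam(text):
    """Return (logical_line, message) findings for the text of an /etc/pam.d/<service> file."""
    findings = []
    # A trailing backslash continues a rule on the next physical line.
    logical = text.replace("\\\n", " ").splitlines()
    for lineno, raw in enumerate(logical, 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = RULE.match(line)
        if not m:
            findings.append((lineno, "rule needs: type control module-path [args]"))
            continue
        mtype, control, _module = m.groups()
        if mtype.lstrip("-") not in MODULE_TYPES:
            findings.append((lineno, f"unknown module type {mtype!r}"))
        if control.startswith("["):
            # Bracket form: every token must be name=action, action a keyword or a jump count.
            for pair in control[1:-1].split():
                _name, sep, action = pair.partition("=")
                if not sep or not (action in ACTIONS or action.isdigit()):
                    findings.append((lineno, f"bad value=action pair {pair!r}"))
        elif control not in CONTROLS:
            hint = difflib.get_close_matches(control, CONTROLS, n=1)
            msg = f"unknown control {control!r}"
            if hint:
                msg += f", did you mean {hint[0]!r}?"
            findings.append((lineno, msg))
    return findings

# Constructed sample, not the poster's real file.
SAMPLE = """\
# /etc/pam.d/smtp (constructed, arguments shortened)
auth    required  pam_mysql.so user=mail_admin db=mail
account sufficent pam_mysql.so user=mail_admin db=mail
"""

if __name__ == "__main__":
    for lineno, message in lint_pam(SAMPLE):
        print(f"line {lineno}: {message}")
```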