
Postfix + SASL2



Hi,
I'm having trouble upgrading from SASL1 to SASL2 on my unstable Debian
box. After the upgrade SASL authorization stopped working; it has been more
than a month or so, and now I really need it working again.

main.cf:

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/certs/smtp.pem
smtpd_tls_cert_file = /etc/ssl/certs/smtp.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = semik
broken_sasl_auth_clients = yes


master.cf:

smtp	  inet	n	-	n	-	-	smtpd -v


sasl/smtpd.conf:

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux


/etc/defaults/saslauthd:

# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"


/etc/pam.d/smtpd:

auth     required       pam_unix.so [debug=1]
account  required       pam_unix.so [debug=1]
password required       pam_unix.so
session  required       pam_unix.so [debug=1]


In maillog is:

postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: AUTH LOGIN
postfix/smtpd[9262]: smtpd_sasl_authenticate: sasl_method LOGIN
postfix/smtpd[9262]: smtpd_sasl_authenticate: uncoded challenge: Username:
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 334 VXNlcm5hbWU6
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: c2VtaWs=
postfix/smtpd[9262]: smtpd_sasl_authenticate: decoded response: semik
postfix/smtpd[9262]: smtpd_sasl_authenticate: uncoded challenge: Password:
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 334 XXX
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: XXX=
postfix/smtpd[9262]: smtpd_sasl_authenticate: decoded response: XXX
postfix/smtpd[9262]: SASL LOGIN authentication failed
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 535 Error: authentication failed
postfix/smtpd[9262]: watchdog_pat: 0x80733d0
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: QUIT
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 221 Bye

smtp(pam_unix)[8007]: check pass; user unknown
smtp(pam_unix)[8007]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
saslauthd[8007]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info.
saslauthd[8007]: AUTHFAIL: user=semik@semik service=smtp realm=semik [PAM auth error]


It looks like PAM, for some strange reason, did not receive the user name.
I tried to run smtp as root, but it doesn't help, so the problem is not in
permissions.

--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
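
An added example, not part of the original post: a short Python check over lines taken from the maillog above that compares the login name the client sent in AUTH LOGIN with the user and service that saslauthd passed to PAM. The function names and the `PAM_FILE_SHOWN` constant are assumptions made for this illustration.

```python
import base64
import re

# Lines copied from the maillog excerpt in the post above.
MAILLOG = """\
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: AUTH LOGIN
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 334 VXNlcm5hbWU6
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: c2VtaWs=
saslauthd[8007]: AUTHFAIL: user=semik@semik service=smtp realm=semik [PAM auth error]
"""
PAM_FILE_SHOWN = "/etc/pam.d/smtpd"  # the PAM file quoted in the post (assumed name for this constant)

AUTHFAIL = re.compile(r"saslauthd\[\d+\]: AUTHFAIL: user=(\S+) service=(\S+) realm=(\S*)")
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: < \S+: (\S+)$")
SERVER = re.compile(r"postfix/smtpd\[\d+\]: > \S+: 334 (\S+)$")


def b64(text):
    return base64.b64decode(text, validate=True).decode("utf-8", "replace")


def analyse(log, pam_file):
    """Return what the client sent and what saslauthd handed to PAM."""
    result = {"client_user": None, "pam_user": None, "service": None, "realm": None}
    awaiting_user = False
    for line in log.splitlines():
        if m := SERVER.search(line):
            try:  # masked challenges such as "334 XXX" are not valid base64
                awaiting_user = b64(m.group(1)) == "Username:"
            except ValueError:
                awaiting_user = False
        elif (m := CLIENT.search(line)) and awaiting_user:
            result["client_user"] = b64(m.group(1))
            awaiting_user = False
        elif m := AUTHFAIL.search(line):
            result["pam_user"], result["service"], result["realm"] = m.groups()
    findings = []
    if result["pam_user"] and result["pam_user"] != result["client_user"]:
        findings.append("login name changed between SMTP AUTH and PAM")
    if result["service"] and not pam_file.endswith("/" + result["service"]):
        findings.append("PAM service name differs from the PAM file shown")
    result["findings"] = findings
    return result


if __name__ == "__main__":
    print(analyse(MAILLOG, PAM_FILE_SHOWN))
```

PAM looks up its rules in `/etc/pam.d/<service>`, so the two findings point at the two values worth checking first: the user string and the service name recorded in the AUTHFAIL line.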
