Postfix + SASL2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm having troubles to upgrade from SASL1 to SASL2 on my unstable Debian
box. After upgrade SASL authorization stoped working, it is more than
month or so, now I really need it working again.
main.cf:
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/certs/smtp.pem
smtpd_tls_cert_file = /etc/ssl/certs/smtp.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = semik
broken_sasl_auth_clients = yes
master.cf:
smtp inet n - n - - smtpd -v
sasl/smtpd.conf:
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
/etc/defaults/saslauthd:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
/etc/pam.d/smtpd:
auth required pam_unix.so [debug=1]
account required pam_unix.so [debug=1]
password required pam_unix.so
session required pam_unix.so [debug=1]
In maillog is:
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: AUTH LOGIN
postfix/smtpd[9262]: smtpd_sasl_authenticate: sasl_method LOGIN
postfix/smtpd[9262]: smtpd_sasl_authenticate: uncoded challenge: Username:
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 334 VXNlcm5hbWU6
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: c2VtaWs=
postfix/smtpd[9262]: smtpd_sasl_authenticate: decoded response: semik
postfix/smtpd[9262]: smtpd_sasl_authenticate: uncoded challenge: Password:
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 334 XXX
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: XXX=
postfix/smtpd[9262]: smtpd_sasl_authenticate: decoded response: XXX
postfix/smtpd[9262]: SASL LOGIN authentication failed
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 535 Error: authentication failed
postfix/smtpd[9262]: watchdog_pat: 0x80733d0
postfix/smtpd[9262]: < semik.cesnet.cz[195.113.134.138]: QUIT
postfix/smtpd[9262]: > semik.cesnet.cz[195.113.134.138]: 221 Bye
smtp(pam_unix)[8007]: check pass; user unknown
smtp(pam_unix)[8007]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
saslauthd[8007]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info.
saslauthd[8007]: AUTHFAIL: user=semik@semik service=smtp realm=semik [PAM auth error]
It looks like, that pam for some strange reason did not receive user name.
I tried to run smtp as root, but it don't help so problem is not in
permissions.
- --------------------------------------------------------------
Jan Tomasek aka Semik work: CESNET, z.s.p.o.
http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
Czech Republic
phone(work): +420 2 2435 5279 http://www.cesnet.cz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQE92LfU79++DGvj6tMRAs6KAKCMD9N8McvKAx/gyJyfAGvSRLin/gCdHaR+
67e+/aMroPLqVfG/OJBIbjw=
=Iy8N
-----END PGP SIGNATURE-----
Reply to: