Re: how do I get sendmail SMTP-AUTH to use pam (and not SASL2)?
Sorry, I'm being light on information because it seems to me
that SMTP-AUTH is something a huge number of debian/sendmail
users would want and therefor I expected it to be an easy
item to configure (if not the default)...
the /etc/mail/sasl/Sendmail.conf.2 file has this:
auto_transition: true
pwcheck_method: PAM
sasl_pwcheck_method: auxprop saslauthd
auxprop_plugin: sasldb
when I try to send a message I am prompted for the SMTP password
and when entered it fails (though ssh logins work fine.)
/var/log/auth.log gets this appended to it:
Jul 20 22:50:38 mail sm-mta[5429]: OTP unavailable because
can't read/write key database /etc/opiekeys: No such file
or directory
Jul 20 22:50:40 mail sm-mta[5429]: unknown password verifier
Jul 20 22:50:40 mail sm-mta[5429]: Password verification failed
and /var/log/mail.log gets this:
Jul 20 22:50:42 mail sm-mta[5429]: h6L5ocnZ005429:
adsl-XXX-YYY-ZZZ-WWW.dsl.lsan03.pacbell.net [XXX.YYY.ZZZ.WWW] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I'm guessing "opie" has something to do with this and when
I get my hands on his red headed, freckled ass I'm gonna
beat the sh...
Seriously, what is opie and why would I need it for sasl/pam
authentication? (and if I install opie it doesn't help; It
just doesn't complain about /etc/opiekeys.)
So I figure opie is a result of that weird "auxprop". but if
remove auxprop references from Sendmail.conf.2 then it still
fails to authenticate and then auth.log complains about the
lack of a mysql host.
let's see... SMTP service needs sendmail, which needs sasl,
which needs pam and opie and apparently mysql... Am I the
only one that finds this overly complicated for providing
a single authentication service?
please help. there's got to be any easy way to do this.
I have also tried changing the sasld -a flag to getpwent and
shadow without luck.
Any ideas?
Thanks for your help (Especially Todd for putting up with my
horrible troubleshooting abilities and knowledge about this
whole system.)
- Jeff
and finally here's the sendmail.mc file:
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.12.9-5 2003-07-01 23:39:44 cowboy Exp
$')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
LOCAL_CONFIG
FEATURE(`masquerade_envelope')dnl
LOCAL_CONFIG
Cwrountreeglass.com
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(access_db)
FEATURE(`smrsh')dnl
include(`/etc/mail/dialup.m4')dnl
include(`/etc/mail/provider.m4')dnl
MAILER_DEFINITIONS
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
LOCAL_CONFIG
include(`/etc/mail/tls/starttls.m4')dnl
On Sun, 2003-07-20 at 20:19, Todd Pytel wrote:
> On 20 Jul 2003 19:42:27 -0700
> "Jeff Wiegley, Ph.D." <jeffw@cyte.com> wrote:
>
> > But how and where do I configure this in debian's installation of
> > sendmail/sasl? and what do I need to run to update/reload it
> > once I've made changes?
> >
> > I've made changes to /etc/mail/sasl/Sendmail.conf.2 but they
> > don't seem to do anything. Maybe I'm not reloading something
> > or this isn't the place to make such changes?
>
> Are you specifying "saslauthd" in that file? Is saslauthd running with
> the correct "-a" flag for your auth scheme (getpwent or pam)? Have
> you read the saslauthd man page? What do the authlogs say?
>
> --Todd
>
Reply to: