[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [postfix-tls] SASL LOGIN authentication failed [SOLVED]

On Fri, Jan 09, 2004 at 09:51:09PM -0500, Michael B Allen wrote:
| Thanks as usual Derrick. I got it working. I believe the problem was
| that postfix opens the pwcheck UNIX domain socket in
| /var/spool/postfix/var/run/pwcheck whereas the pwcheck daemon opens
| it in /var/run/pwcheck.

Aha.  That discrepancy is due to the fact that the debian package runs
smtpd chrooted by default.  If you un-chroot the smptd process, then
it will use the correct absolute path, as expected.

| The postfix-tls package does not create these directories and the
| necessary link. This is also not explained well (at all) in the
| documentation.
| This page provided the crucial information (and looks interesting in
| other respects):
|   http://www.projektfarm.com/en/support/debian_setup/

I took a quick look, and that page doesn't mention the chroot flag at
all.  Either it tells you to make the pwcheck socket in the chroot
jail, or the author forgot to mention un-chrooting smtpd.

| Do you think it would be productive to contact the maintainer?

Probaly not.  LaMont knows he chroots the daemons for the debian
package (it's a conscious change from the defaults Wietse ships
postfix with).

| > --- /etc/default/saslauthd
| > START=yes
| > MECHANISMS="pam"
| >
| > Then start saslauthd (/etc/init.d/saslauthd start) and reload postfix'
| > configuration (/etc/init.d/postfix reload).  Then test it.  I usually
| I tried to find saslauthd without luck:
| # apt-cache search saslauthd

This reveals nothing because the word 'saslauthd' does not appear in a
package name or description.  Normally you could search the contents
of packages at http://packages.debian.org/, but I think that service
is not yet restored from the break-in.

I know that with SASL2, saslauthd is in the 'sasl2-bin' package (since
I have it installed, and 'dlocate' tells me that).  Have you tried
installing and looking in the 'sasl-bin' package, for SASL1?

| # apt-file update
| # apt-file search saslauthd

I don't have apt-file, and haven't used it yet, so I can't explain why
this search doesn't yield any results.

| > Regarding pwcheck, I saved the following notes :
| >     # http://www.thecabal.org/~devin/postfix/smtp-auth.txt
| Inaccessable :(

Oh.  Well, it's an old URL.  I copied the URL and the information I
wanted into my sasl/smtpd.conf file for reference.


If your life is a hard drive,
Christ can be your backup.
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.org

Attachment: signature.asc
Description: Digital signature

Reply to: