[KLUG Members] simple pop access setup
Richard Harding
rick at ricksweb.info
Fri Nov 12 19:45:43 EST 2004
Adam Tauno Williams wrote:
>>>What are you SASLing (?) against? PAM, RADIUS, LDAP, Kerberos?
>>>
>>>
>>I currently have all of the accounts setup in the normal passwd file
>>with false shells. I figure the easiest to work off of would be to auth
>>against that password right now. I have 58 accounts total with an extra
>>25ish a year so it works for now. Down the road I would like to use
>>ldap, but that's for another day.
>>
>>
>
>
>Then I'd assume your using PAM to auth plain text passwords against
>the /etc/passwd & /etc/shadow files (and that PAM already works).
>
>I don't user postfix, but for sendmail one would run the saslauthd
>servive. This listens on a local socket for chalanges (username+secret)
>and responds to the client (in this case your MTA) with an ACK or NACK
>type response.
>
>For sendmail I'd just add -
>define(`confAUTH_MECHANISMS', `PLAIN')dnl
>TRUST_AUTH_MECH(`PLAIN')dnl
>define(`confAUTH_OPTIONS', `A')dnl
> - to my mc file.
>
>and make sure "saslauthd -a pam" is running (called the saslauthd
>service in SuSe & RedHat). "-a" specifies the authentication mechanism
>(dce, getpwent, kerberos5, pam, sasldb, ldap, etc...)
>
>And for sendmail I have to create /usr/lib/sasl2/Sendmail.conf
>containing -
>pwcheck_method: saslauthd
>mech_list: plain
>- which tells the sasl libraries how to behave when loaded into the
>process calling itself sendmail.
>
>
>_______________________________________________
>Members mailing list
>Members at kalamazoolinux.org
>
>
>
Ok, I have come a long way. I can test with testsaslauthd via command
line and it works. When I have in /etc/postfix/sasl/smtpd.conf :
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
and I attempt to connect it times out and I get the following error in
mail.info:
Nov 12 20:40:14 spartan postfix/smtpd[9593]: fatal: no SASL
authentication mechanisms
Nov 12 20:40:15 spartan postfix/master[9570]: warning: process
/usr/lib/postfix/smtpd pid 9593 exit status 1
Nov 12 20:40:15 spartan postfix/master[9570]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
if I take out the mech_list line I get the following errors:
Nov 12 20:27:00 spartan postfix/smtpd[9110]: connect from
unknown[68.xx.xx.xxx]
Nov 12 20:27:04 spartan postfix/smtpd[9110]: warning: SASL
authentication problem: unable to open Berkeley db /etc/sasldb2: No such
file or directory
Nov 12 20:27:04 spartan postfix/smtpd[9110]: warning: SASL
authentication problem: unable to open Berkeley db /etc/sasldb2: No such
file or directory
Nov 12 20:27:04 spartan postfix/smtpd[9110]: warning: SASL
authentication failure: no secret in database
Nov 12 20:27:04 spartan postfix/smtpd[9110]: warning:
unknown[68.xx.xx.xxx]: SASL CRAM-MD5 authentication failed
Which I am assuming it sees the smptd.conf file, but somehow does not
like the plain & login settings. I have installed:
ii libsasl2 2.1.19-1.5 Authentication abstraction library
ii libsasl2-modul 2.1.19-1.5 Pluggable Authentication Modules for SASL
ii sasl2-bin 2.1.19-1.5 Programs for manipulating the SASL
users dat
Can oneone point me in what I am missing. Since the command line test
works I feel like I am VERY close to nailing this thing.
Thanks
Rick
More information about the Members
mailing list