AUTH with sendmail and saslauthd on FC3
Alexander Dalloz
ad+lists at uni-x.org
Mon Apr 10 14:41:37 UTC 2006
On Mon, 10.04.2006 at 16:22, Herward Hoyer (gua808) wrote:
> Hi, I've got a problem authenticating with Sendmail AUTH.
>
> my maillog:
>
> AUTH: available mech=GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in database
> AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed
> AUTH failure (LOGIN): user not found (-20) SASL(-13): user not found: checkpass failed
> AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in database
> AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed
> AUTH failure (LOGIN): user not found (-20) SASL(-13): user not found: checkpass failed
>
> But when I:
> testsaslauthd -u <user> -p <password>
> I can authenticate.
Same $USER used in both cases? If you auth against unix system users
your user has to be just "user" and not "user at realm".
> Some lines from my sendmail.mc
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confAUTH_OPTIONS', `A p')dnl
Just 1 of the 2 lines above can be set! Either you require an SSL/TLS
encrypted connection for plaintext auth or not. Comment one of them with
a leading "dnl". The second alternative requires a working certificate setup.
> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Do not offer auth mechs which your backend does not provide! So remove
at least CRAM-MD5 and DIGEST-MD5. Else mail clients like Thunderbird try
to use them and will fail (Thunderbird gracefully falls back then
though).
> my /usr/lib/sasl2/Sendmail.conf
> pwcheck_method:saslauthd
>
> The process:
> 11632 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 1
Stop the saslauthd service and start it by hand in debug mode to see it
logging:
/usr/sbin/saslauthd -d -m /var/run/saslauthd -a pam -n 1
> cat /etc/pam.d/smtp
> #%PAM-1.0
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
And from PAM you auth against what? I guess unix system users.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 16:30:35 up 27 days, 17:18, load average: 0.23, 0.38, 0.18
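
The two sendmail.mc points raised in the reply above (only one confAUTH_OPTIONS define may be active, and no shared-secret mechanisms should be offered when the backend is saslauthd), written as a small linter. This is an added example, not part of the original message; the helper names lint_auth and active_defines and the sample input are constructed for illustration.

```python
import re

# Plaintext mechanisms are the only ones saslauthd can verify; the
# shared-secret ones need the secret itself (e.g. from sasldb via auxprop).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}
DEFINE_RE = re.compile(r"^\s*define\(`(confAUTH_\w+)',\s*`([^']*)'\)")

# Constructed sample: the sendmail.mc lines quoted in the thread.
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
"""


def active_defines(mc_text):
    """Map each confAUTH_* macro to its values, skipping dnl-commented lines."""
    found = {}
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue
        m = DEFINE_RE.match(line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found


def lint_auth(mc_text, pwcheck_method="saslauthd"):
    """Return findings for the AUTH settings of a sendmail.mc (hypothetical helper)."""
    findings = []
    defs = active_defines(mc_text)
    for macro, values in defs.items():
        if len(values) > 1:
            findings.append(f"{macro}: {len(values)} defines, m4 keeps the last ({values[-1]})")
    mechs = defs.get("confAUTH_MECHANISMS", [""])[-1].split()
    options = defs.get("confAUTH_OPTIONS", [""])[-1].split()
    if pwcheck_method == "saslauthd":
        for mech in mechs:
            if mech in SHARED_SECRET_MECHS:
                findings.append(f"{mech}: offered, but saslauthd cannot verify it")
    if "p" not in options and PLAINTEXT_MECHS & set(mechs):
        findings.append("PLAIN/LOGIN allowed without TLS (no `p' in confAUTH_OPTIONS)")
    return findings


if __name__ == "__main__":
    for finding in lint_auth(SAMPLE_MC):
        print(finding)
```

Run against the quoted configuration, it reports the duplicate confAUTH_OPTIONS define and the two mechanisms that produce the "no secret in database" failures in the maillog.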