[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Problems w/PAM+SASL+Postfix



Using Red Hat Linux 7.2, which includes 0.75 and (probably) some
patches.  Cyrus-SASL 1.5.24, stock RH.  Postfix 20011008, built with
SASL support.  I'm trying to get SASL AUTH working with Postfix,
but PAM seems to be failing.  I've traced and debugged down to
where I'm fairly certain there's something wrong either with PAM,
my PAM configuration, or the interaction between PAM and SASL.
Here are my configurations:

/etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated

/etc/postfix/master.cf has smtpd running non-chroot (in fact,
I just set everything to run non-chroot, just to see).

/usr/lib/sasl/smtpd.conf:
pwcheck_method:pam

/etc/pam.d/smtp (strace showed me this was the correct file):

#%PAM-1.0
auth sufficient /lib/security/pam_unix.so debug use_first_pass likeauth
...

or:

#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth debug

and system-auth (stock RH72):
uth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

I've tried with:

auth	required /lib/security/pam_permit.so

And it authenticates just fine.  I've run strace and ltrace on the
smtpd process, and I can see my username & password being decoded
just fine, but the PAM modules still return an error.  ("debug"
doesn't seem to do anything with pam_{env,unix}, only pam_stack).  I've
enabled debugging in Postfix and it logs this (encoded username/password
stripped for obvious reasons):

Nov 20 13:27:45 testserver postfix/smtpd[11110]: < workstation[192.168.X.X]: AUTH PLAIN encoded_username_and_password

Nov 20 13:27:45 testserver postfix/smtpd[11110]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response encoded_username_and_password

Nov 20 13:27:45 testserver postfix/smtpd[11110]: smtpd_sasl_authenticate: decoded initial response wcooley

Nov 20 13:27:46 testserver smtpd[11110]: warning: workstation[192.168.X.X]: SASL PLAIN authentication failed

Nov 20 13:27:46 testserver smtpd[11110]: > workstation[192.168.X.X]: 535 Error: authentication failed

So, can anyone give me a clue as to what's going wrong?

Wil
-- 
W. Reilly Cooley                           wcooley@nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
irc.linux.com                             #orlug,#pdxlug,#lnxs

A prohibitionist is the sort of man one wouldn't care to drink with
-- even if he drank.
		-- H.L. Mencken

Attachment: pgp00004.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []