[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems w/PAM+SASL+Postfix



Em Wed, Nov 21, 2001 at 07:05:40AM -0800, Wil Cooley escreveu:
> successfully opening /etc/shadow, although I guess not.  (I guess
> I assumed pam_unix.so would call unix_chkpwd if it wasn't root.)

It does, but only to authenticate the user calling it, not somebody
else, iirc.

> > Or use the pwcheck method in SASL, which also requires another
> > daemon. I've never tried that, though.
> 
> grep'ing through the txts with my pam distribution, I don't see
> any docs on configuring unix_chkpwd, how the heck to use it?

It's part of the sasl package. I think the only doc is a small readme
and a FAQ entry, you should be able to find it in the tarball or at
the sasl website.

But it's only for plaintext passwords, if you use /etc/sasldb, for
instance, it should be enough to have that file readable by the
postfix daemon. I tried it once with openldap running as an "ldap"
user and granting read access to that file (sasldb) for the "ldap" 
group, it worked. But this gets more complex if other daemons need
read access to it too.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []