Re: Problems w/PAM+SASL+Postfix

Thus spoke Andreas Hasenack:
> On Wed, Nov 21, 2001 at 07:05:40AM -0800, Wil Cooley wrote:
> > successfully opening /etc/shadow, although I guess not.  (I guess
> > I assumed pam_unix.so would call unix_chkpwd if it wasn't root.)
> It does, but only to authenticate the user calling it, not somebody
> else, iirc.

Ah, okay.  I thought it would work like SASL's pwcheck/saslauthd.

> > > Or use the pwcheck method in SASL, which also requires another
> > > daemon. I've never tried that, though.
> > 
> > grep'ing through the txts with my pam distribution, I don't see
> > any docs on configuring unix_chkpwd, how the heck to use it?
> It's part of the sasl package. I think the only doc is a small readme
> and a FAQ entry, you should be able to find it in the tarball or at
> the sasl website.

No, I was talking about PAM's unix_chkpwd, not Cyrus SASL's pwcheck.  I
see from what you wrote above what unix_chkpwd is for.

> But it's only for plaintext passwords, if you use /etc/sasldb,
> for instance, it should be enough to have that file readable by the
> postfix daemon. I tried it once with openldap running as an "ldap"
> user and granting read access to that file (sasldb) for the "ldap"
> group, it worked. But this gets more complex if other daemons need
> read access to it too.

Right, that's what I did.  The sasldb my Cyrus IMAP rpms made was
owned by cyrus:mail, and smtpd happens to run :mail, so a simple
addition of group writability took care of it.

The idiot I am, I didn't try to un-shadow my password file to
test it.  I've set this up about once every year for the last 3
years and I keep forgetting the debugging tricks I learn...

W. Reilly Cooley                           wcooley@nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
irc.linux.com                             #orlug,#pdxlug,#lnxs

"There was a vague, unpleasant manginess about his appearance; he somehow
seemed dirty, though a close glance showed him as carefully shaven as an
actor, and clad in immaculate linen."
-- H.L. Mencken, on the death of William Jennings Bryan
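
Added example, not part of the original message: a shell check for the arrangement discussed in the thread, where the SASL password database is readable by the group the SMTP daemon runs with and closed to everyone else. The function name and output labels are hypothetical, the file path and group are passed as arguments, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Audit the mode of a SASL password database (for example a sasldb file).
# Usage: audit_sasldb FILE EXPECTED_GROUP
# Prints one finding per line; returns 0 when nothing is flagged,
# 1 when something is flagged, 2 when the file does not exist.
audit_sasldb() {
    file=$1; want_group=$2; findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 2
    fi
    group=$(stat -c '%G' "$file")   # owning group name
    sym=$(stat -c '%A' "$file")     # symbolic mode, e.g. -rw-r-----

    # The daemon gets access through group membership, so the group must match.
    if [ "$group" != "$want_group" ]; then
        echo "GROUP: $file is group '$group', expected '$want_group'"
        findings=$((findings + 1))
    fi
    # Fifth character of the symbolic mode is the group read bit.
    case $sym in
        ????r*) ;;
        *) echo "NOREAD: group '$group' cannot read $file"
           findings=$((findings + 1)) ;;
    esac
    # Last three characters are the permissions for all other local users.
    case $sym in
        ???????---) ;;
        *) echo "WORLD: $file is accessible to all local users ($sym)"
           findings=$((findings + 1)) ;;
    esac
    # Group write is reported for review but not counted as a finding.
    case $sym in
        ?????w*) echo "NOTE: $file is group-writable ($sym)" ;;
    esac
    [ "$findings" -eq 0 ]
}
```
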


