SASL and PAM issue
Jason DiCioccio
geniusj at gmail.com
Mon Nov 15 14:15:08 UTC 2004
Greetings,
I have written my own PAM module and having some issues specifically
getting it to work properly with Cyrus-SASL 1.5.28. I am trying to
use cyrus-sasl with sendmail for SMTP auth. Here's the issue
specifically:
I have pam_alakazam.c (my PAM module). In the code you can see the
following in pam_sm_authenticate():
incryptpw = crypt((char *)password, realcryptpw);
if(strcmp(incryptpw, realcryptpw) == 0) {
D(("Authentication successful"));
return(PAM_SUCCESS);
}
In my PAM debug log, I'm getting the message "Authentication
successful" when I enter in a correct user/pass pair (using smtptest).
However, sendmail is giving me an authentication failure (-13). I
do not get this same error if I change the pam config so that sendmail
uses pam_pwdb.so instead. However, I cannot figure out why, if SASL
is receiving a PAM_SUCCESS return code from pam_sm_authenticate, and
it's not calling any of the other functions in pam_alakazam, it would
return a fail code.
I am thinking that I could just be missing something simple in my module.
Perhaps someone more experienced with PAM/SASL than myself, can shed
some light on this problem. What additional conditions must be met
for SASL to return success to sendmail?
My /etc/pam.d/smtp looks like this:
#%PAM-1.0
auth required /lib/security/pam_alakazam.so
account required /lib/security/pam_alakazam.so
session required /lib/security/pam_alakazam.so
Any help would be greatly appreciated.
Thanks!
Jason DiCioccio
More information about the Pam-list
mailing list