On Sun Mar 10, 2002 at 10:02:35AM -0800, David Guntner wrote:

> > Another thing that I find strange, was his /usr/lib/sasl/smtpd.conf
> > file.  It contained lines which should be in /etc/pam.d/smtpd.  When I
> > had postfix+SMTP AUTH somewhat working, I had nothing but pwcheck_method
> > in there - and this file seemed to be totally ignored, by the way.
> 
> THAT'S IT!!!!!!!!!!!!
> 
> Thanks, Alexander, for pointing that out.
> 
> Vincent, assuming you're still reading this thread... :-)  One of the .rpm 
> files for sasl puts in a not-so-good /usr/lib/sasl/smtpd.conf.  As I 
> believe I mentioned to you earlier, I found that I already had a 
> /usr/lib/sasl/smtpd.conf file, which contained:
> 
> # more /etc/pam.d/smtp
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so service=system-auth
> account    required     /lib/security/pam_stack.so service=system-auth
> # 

Oooh... shit...  I musta completely missed that.  That definitely
isn't right.  That stuff belongs in /etc/pam.d/smtp, not
/usr/lib/sasl/smtpd.conf.  Now that I look at the packages in updates,
I see that the pam stuff is in there.  Definitely not good.

I'll fix that as soon as I'm finished with this zlib stuff.  I'll also
double-check cooker right away to make sure that isn't the case in
there either.

Thanks for spotting that, Alexander.

> I added "pwcheck_method: pam" to the bottom of that as a quick test, but 
> the sasl stuff kept aborting with an error in the syslog (the one I've 
> listed).  Once I took those lines out and left just the newly-added 
> pwcheck_method line, it no longer dies.  /etc/pam.d/smtp already exists, 
> with the above lines present in it.

Ok... good!  At least we're getting somewhere!

> $ telnet {my host} 25
> Trying {my IP}...
> Connected to {my host}.
> Escape character is '^]'.
> 220 {my host} No UCE No UBE No Spam ESMTP Postfix (Postfix-20010228-pl03) 
> (Mandrake Linux)
> ehlo localhost
> 250-{my host}
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
> 250 8BITMIME
> auth login
> 334 VXNlcm5hbWU6
> mrobin
> 334 UGFzc3dvcmQ6
> {my friend's password}
> 535 Error: authentication failed
> quit
> 221 Bye
> Connection closed by foreign host.
> $ 
> 
> I don't know why the login failed (feel free to give me pointers as to what 
> I'm doing wrong...), but at least the thing is giving me the opportunity to 
> try, which is better than what I've *been* getting. :-)  So far, I've  
> tried "pwcheck_method: pam" and "pwcheck_method: shadow" with /etc/shadow 
> set to mode 644 for testing purposes, but authentication has failed so far.

Well, if the password is correct, it should work fine.  I'm assuming
at this point that you have the correct password, mrobin is in your
/etc/passwd and /etc/shadow files, and so forth.

> Vincent, you might want to talk with the people who wrap up that package 
> about not wrapping it up with a /usr/lib/sasl/smtpd.conf file that contains 
> lines which are going to cause the sasl stuff to abort when someone tries 
> to turn it on from within postfix.  Just a thought... :-)

No doubt... =)  I'm going to fix it in updates soon, and will check
cooker to make sure it is correct.

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import"
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD

Current Linux kernel 2.4.8-34.1mdk uptime: 1 day 1 hour 51 minutes.

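The 334 prompts in the telnet session above are base64 text, and the AUTH LOGIN mechanism expects each client reply in base64 as well. The following is an added example, not part of the original messages; the function names and the sample password are constructed for illustration.

```python
import base64
import binascii


def decode_challenge(line):
    """Return the text carried by a '334 <base64>' server prompt."""
    code, _, payload = line.strip().partition(" ")
    if code != "334":
        raise ValueError("not a 334 continuation line: %r" % line)
    return base64.b64decode(payload, validate=True).decode("utf-8")


def encode_response(value):
    """Encode a username or password the way AUTH LOGIN expects it."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def server_view(reply):
    """Strictly decode a client reply; None means it is not valid base64."""
    try:
        return base64.b64decode(reply, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def auth_login_lines(user, password):
    """Client lines for a manual AUTH LOGIN test, in the order they are sent."""
    return ["AUTH LOGIN", encode_response(user), encode_response(password)]


if __name__ == "__main__":
    # Prompts copied from the session quoted in the thread.
    for prompt in ("334 VXNlcm5hbWU6", "334 UGFzc3dvcmQ6"):
        print(prompt, "->", decode_challenge(prompt))

    # The username as typed in the session, then its base64 form.
    print("typed 'mrobin' decodes to:", server_view("mrobin"))
    print("typed 'bXJvYmlu' decodes to:", server_view("bXJvYmlu"))

    # Constructed placeholder password, not a value from the thread.
    for line in auth_login_lines("mrobin", "example-password"):
        print("C:", line)
```

Anything sent this way is only encoded, not encrypted, so a test over plain telnet exposes the credentials to the network path.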