Vincent Danen grabbed a keyboard and wrote:
>
> On Sun Mar 10, 2002 at 10:36:09AM -0800, David Guntner wrote:
> >
> > I have to agree with Alexander on this one, Vincent. I've just run a bunch
> > of tests. I used saslpasswd to create a username and password for myself,
> > different from my regular system password. My regular mail client on my
> > Windows machine appears to use CRAM-MD5 when being told to login to the
> > SMTP server with a username and password (when I had the wrong one in, my
> > syslog showed that CRAM-MD5 failed). No matter *what* I put in
> > /usr/lib/sasl/smtpd.conf - pwcheck, pam, shadow - if I use my system
> > password, authentication fails. But if I use the password that I created
> > with saslpasswd, it works fine, regardless of the authentication method
> > that I've selected. Needless to say, this is not very desirable - I want
> > to be able to have users authenticate based on their login password, just
> > like they can do with POP3. Maybe you can check with whoever to find out
> > why it's behaving in this fashion?
>
> If this is the case, then it's a problem with cyrus-sasl itself, and
> the queries should be directed to the author. However, I'm not
> convinced that is the case because the pam/shadow methods worked here
> provided that /etc/shadow was mode 644. I don't know why one would
> work over the other except, perhaps, that cram-md5 and others don't
> work with pam... that may only be supported for plaintext password
> authentication. You may *have* to use sasl.db for cram/digest-md5
> passwords.
Beats me; maybe it just likes you better. :-) Or perhaps whoever rolled
the .rpm file used a strange setup where the libraries decided that only
sasl.db was acceptable, no matter what the person put in? I tried setting
one password in sasl.db which was different than it is in the system
password file. When I used the sasl.db-matching password, it let me auth
cram-md5 just fine (I can't find anything in my mail program's settings
letting me specify the login method...). Using the system password-
matching password got me an authentication error. It would definitely suck
if cram-md5 *required* the use of the sasl.db file, since that seems to be
my only (working) option currently. I am *not* interested in having to
manually add passwords for *any* number of users just to let them relay off
my box. Giving them an account on my system should be enough.
Maybe the next version of the software....? :-)
--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server
for PGP Public key
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
