Am Montag, 2. Juni 2003 17:08 schrieb Jack Coates: > Thanks Luca and Martin, > > There's a few things to answer so I went up the thread a bit and will > try to do both. > > > Luca noted, " > But it won't do you any good if all your secrets are in sasldb. What > happens if you remove completely /usr/lib/sasl/smtpd.conf? (sasldb > should be the default then)." > > When I remove it, SASLDB keeps working. So, does this mean that the PAM > setting never worked at all, and choosing a method which was somehow > valid but not enabled caused the fallthrough to sasldb? I'm just very > puzzled by it not working when I specify sasldb. > > and Luca also noted: > > "This is wrong: the sasldb for v1 and v2 have a different layout, so > they should be two separate and distinct files. This has nothing to do > with your problem though." > > Sorry,I caught that and did the conversion, so the v2 sasldb now lives > in /var/lib/sasl2/sasl.db > > Martin asked, "What about to use sasldb as authentication method?" > One of the things I've done while looking on the web is to note that > sasl's default sasldb location is /etc/sasldb, not > /var/lib/sasl/sasl.db. So, I put in a symlink to the v1 version.
This is a configuration issue at compiletime (or by *.conf file). By default mandrake uses /var/lib/sasl/sasl.db. > > > It just started working when I switched to pwcheck_method: pam. > > > > By just started working, I mean > > 250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > > 250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > > And Martin notes "This has nothing to do with the authentication mehtod > (besides that only sasldb is able to handle *-MD5 passwords). This two > lines only says thas smtpd is able to use those password encryption > systems (or plain)." > > Understood now -- so the presence of the *-MD5 options means that > Postfix can now communicate with sasldb whereas it couldn't before. So, > this could be caused by either the symlink of the v1 db into /etc, or > the symlink of /var/lib/sasl2/ to /var/state/saslauthd (another change > suggested by Googling). Not entirely; there are some libs in sasl (like libsasl7-plug-digestmd5 package). These libs gives sasl the capability to use digest-md5 or something else. The auth line only says that smtpd is able to handle *-md5 passwords. It don't mean that it is able to autehnticate with it (for example if sasldb is missing). > > > now you're probably wondering what these two things have to do with one > > another... I know I am. > > I should also clarify that I turned off chrooting in > /etc/postfix/main.cf many moons ago. wise decission. > > Urgency is decreased now, but I'm certainly intrigued by the PAM > integration option and I will try to get that working. One possilbe problem is a wrong configure in the *.spec file of your changed sasl srpm. To be sure, recompile it again and watch for the configure line. there should be listed something like '--enable-pam'. > > thanks again, Martin -- ------------------------------------------------------------ H E L I X Gesellschaft für Software & Engineering mbH ------------------------------------------------------------ Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 ------------------------------------------------------------ http://www.helix-gmbh.net [EMAIL PROTECTED] ------------------------------------------------------------
pgp00000.pgp
Description: signature
