Victor,
Hello
Thanks a lot for your help. I am going to test your solutions. Thanks again.
Warm Regards
Ali Majdzadeh Kohbanani
2009/11/2 Victor Duchovni <victor.ducho...@morganstanley.com>
> On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote:
>
> > I have configured saslauthd to use pam for password verification and I
> want
> > to use pam_krb5 as the authentication back-end. I have set the following
> > options in /etc/postfix/sasl/smtpd.conf:
> >
> > log_level: 3
> > pwcheck_method: saslauthd
> > mech_list: plain login
> >
> > Also, I have entered the following lines in /etc/pam.d/smtp
> >
> > auth sufficient /lib/security/pam_krb5.so
> minimum_uid=1000
> > session required /lib/security/pam_krb5.so
> minimum_uid=1000
> > account required /lib/security/pam_krb5.so
> minimum_uid=1000
> > password sufficient /lib/security/pam_krb5.so
> minimum_uid=1000
> >
> > When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f
> > /var/run/saslauthd/mux", it can successfully authenticate the user which
> has
> > a corresponding principal in my kerberos configuration. But, when I want
> to
> > use telnet to actually test the smtp server, the authentication fails.
>
> > By
> > the way, what should be provided to the server when the desired
> > authentication mechanism is plain? (Is that something like: perl
> > -MMIME::Base64 -e 'print encode_base64("user\0pass")')?
>
> No. You need a leading "\0" for an empty authzid.
>
> "\0user\0pass"
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>
