Victor, Hello Thanks a lot for your help. I am going to test your solutions. Thanks again.
Warm Regards Ali Majdzadeh Kohbanani 2009/11/2 Victor Duchovni <victor.ducho...@morganstanley.com> > On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote: > > > I have configured saslauthd to use pam for password verification and I > want > > to use pam_krb5 as the authentication back-end. I have set the following > > options in /etc/postfix/sasl/smtpd.conf: > > > > log_level: 3 > > pwcheck_method: saslauthd > > mech_list: plain login > > > > Also, I have entered the following lines in /etc/pam.d/smtp > > > > auth sufficient /lib/security/pam_krb5.so > minimum_uid=1000 > > session required /lib/security/pam_krb5.so > minimum_uid=1000 > > account required /lib/security/pam_krb5.so > minimum_uid=1000 > > password sufficient /lib/security/pam_krb5.so > minimum_uid=1000 > > > > When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f > > /var/run/saslauthd/mux", it can successfully authenticate the user which > has > > a corresponding principal in my kerberos configuration. But, when I want > to > > use telnet to actually test the smtp server, the authentication fails. > > > By > > the way, what should be provided to the server when the desired > > authentication mechanism is plain? (Is that something like: perl > > -MMIME::Base64 -e 'print encode_base64("user\0pass")')? > > No. You need a leading "\0" for an empty authzid. > > "\0user\0pass" > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly. >