Viktor,
Hi
I hope that you are still following this thread. After a couple of tests, I saw the following error in auth.log:

Nov 7 11:14:51 client2 saslauthd[2882]: DEBUG: auth_pam: pam_authenticate failed: Permission denied
Nov 7 11:14:51 client2 saslauthd[2882]: do_auth : auth failure: [user=rana] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

Do you have any ideas about these?

Kind Regards
Ali Majdzadeh Kohbanani

2009/11/2 Ali Majdzadeh <ali.majdza...@gmail.com>

> Victor,
> Hello
> Thanks a lot for your help. I am going to test your solutions. Thanks
> again.
>
> Warm Regards
> Ali Majdzadeh Kohbanani
>
> 2009/11/2 Victor Duchovni <victor.ducho...@morganstanley.com>
>
>> On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote:
>>
>> > I have configured saslauthd to use pam for password verification and I want
>> > to use pam_krb5 as the authentication back-end. I have set the following
>> > options in /etc/postfix/sasl/smtpd.conf:
>> >
>> > log_level: 3
>> > pwcheck_method: saslauthd
>> > mech_list: plain login
>> >
>> > Also, I have entered the following lines in /etc/pam.d/smtp
>> >
>> > auth sufficient /lib/security/pam_krb5.so minimum_uid=1000
>> > session required /lib/security/pam_krb5.so minimum_uid=1000
>> > account required /lib/security/pam_krb5.so minimum_uid=1000
>> > password sufficient /lib/security/pam_krb5.so minimum_uid=1000
>> >
>> > When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f
>> > /var/run/saslauthd/mux", it can successfully authenticate the user which has
>> > a corresponding principal in my kerberos configuration. But, when I want to
>> > use telnet to actually test the smtp server, the authentication fails.
>>
>> > By
>> > the way, what should be provided to the server when the desired
>> > authentication mechanism is plain? (Is that something like: perl
>> > -MMIME::Base64 -e 'print encode_base64("user\0pass")')?
>>
>> No. You need a leading "\0" for an empty authzid.
>>
>> "\0user\0pass"
>>
>> --
>> Viktor.
>>
>> Disclaimer: off-list followups get on-list replies or get ignored.
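The PLAIN message layout from Viktor's reply, as an added example that is not part of the original thread: it builds the base64 argument for AUTH PLAIN (RFC 4616: authzid, NUL, authcid, NUL, passwd) and parses it back the way a server has to, which shows why the form without the leading NUL is rejected. The function names are hypothetical, and "user" / "pass" are constructed sample credentials.

```python
import base64


def plain_initial_response(authcid, passwd, authzid=""):
    """Return the base64 argument for AUTH PLAIN.

    RFC 4616 layout: [authzid] NUL authcid NUL passwd (UTF-8).
    An empty authzid still needs its NUL, hence the leading "\\0".
    """
    for name, value in (("authzid", authzid), ("authcid", authcid), ("passwd", passwd)):
        if "\0" in value:
            raise ValueError(f"{name} must not contain NUL")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    message = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(message).decode("ascii")


def parse_plain_response(b64):
    """Decode a PLAIN response the way a server has to read it."""
    raw = base64.b64decode(b64, validate=True)
    fields = raw.split(b"\0")
    if len(fields) != 3:
        raise ValueError(
            f"malformed PLAIN message: {len(fields) - 1} NUL separator(s), expected 2"
        )
    authzid, authcid, passwd = (f.decode("utf-8") for f in fields)
    if not authcid or not passwd:
        raise ValueError("malformed PLAIN message: empty authcid or passwd")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the thread's logs.
    good = plain_initial_response("user", "pass")
    print("AUTH PLAIN", good)
    print(parse_plain_response(good))

    # The form asked about in the question: "user\0pass", no leading NUL.
    bad = base64.b64encode(b"user\0pass").decode("ascii")
    try:
        parse_plain_response(bad)
    except ValueError as exc:
        print("rejected:", exc)
```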