Viktor,
Hi
I managed to test the configuration using the sample programs provided by
Cyrus. But I can not test the configuration using Postfix. Sample users
which are defined as principles are successfully authenticated using PLAIN
authentication mechanism, pam_krb5.so and saslauthd, but the similar
configuration for Postfix, always fails.
Kind Regards
Ali Majdzadeh Kohbanani
2009/11/7 Ali Majdzadeh <ali.majdza...@gmail.com>
> Viktor,
> Sorry about the previous mail. The logs which I sent were incorrect.
> Actually, there are no log messages just the following one in
> /var/log/mail.log:
>
> Nov 7 11:44:54 client2 postfix/smtpd[13159]: warning: SASL authentication
> failure: Password verification failed
>
> But, as I told you before, I can successfully test the authentication
> process using sasltestuser.
>
>
> Kind Regards
> Ali Majdzadeh Kohbanani
>
> 2009/11/7 Ali Majdzadeh <ali.majdza...@gmail.com>
>
> Viktor,
>> Hi
>> I hope that you are still following this thread. After a couple of
>> testing, I saw the following error in auth.log:
>>
>> Nov 7 11:14:51 client2 saslauthd[2882]: DEBUG: auth_pam: pam_authenticate
>> failed: Permission denied
>> Nov 7 11:14:51 client2 saslauthd[2882]: do_auth : auth failure:
>> [user=rana] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
>>
>> Do you have any ideas about these?
>>
>> Kind Regards
>> Ali Majdzadeh Kohbanani
>>
>> 2009/11/2 Ali Majdzadeh <ali.majdza...@gmail.com>
>>
>> Victor,
>>> Hello
>>> Thanks a lot for your help. I am going to test your solutions. Thanks
>>> again.
>>>
>>> Warm Regards
>>> Ali Majdzadeh Kohbanani
>>>
>>> 2009/11/2 Victor Duchovni <victor.ducho...@morganstanley.com>
>>>
>>> On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote:
>>>>
>>>> > I have configured saslauthd to use pam for password verification and I
>>>> want
>>>> > to use pam_krb5 as the authentication back-end. I have set the
>>>> following
>>>> > options in /etc/postfix/sasl/smtpd.conf:
>>>> >
>>>> > log_level: 3
>>>> > pwcheck_method: saslauthd
>>>> > mech_list: plain login
>>>> >
>>>> > Also, I have entered the following lines in /etc/pam.d/smtp
>>>> >
>>>> > auth sufficient /lib/security/pam_krb5.so
>>>> minimum_uid=1000
>>>> > session required /lib/security/pam_krb5.so
>>>> minimum_uid=1000
>>>> > account required /lib/security/pam_krb5.so
>>>> minimum_uid=1000
>>>> > password sufficient /lib/security/pam_krb5.so
>>>> minimum_uid=1000
>>>> >
>>>> > When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f
>>>> > /var/run/saslauthd/mux", it can successfully authenticate the user
>>>> which has
>>>> > a corresponding principal in my kerberos configuration. But, when I
>>>> want to
>>>> > use telnet to actually test the smtp server, the authentication fails.
>>>>
>>>> > By
>>>> > the way, what should be provided to the server when the desired
>>>> > authentication mechanism is plain? (Is that something like: perl
>>>> > -MMIME::Base64 -e 'print encode_base64("user\0pass")')?
>>>>
>>>> No. You need a leading "\0" for an empty authzid.
>>>>
>>>> "\0user\0pass"
>>>>
>>>> --
>>>> Viktor.
>>>>
>>>> Disclaimer: off-list followups get on-list replies or get ignored.
>>>> Please do not ignore the "Reply-To" header.
>>>>
>>>> To unsubscribe from the postfix-users list, visit
>>>> http://www.postfix.org/lists.html or click the link below:
>>>> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>>>>
>>>> If my response solves your problem, the best way to thank me is to not
>>>> send an "it worked, thanks" follow-up. If you must respond, please put
>>>> "It worked, thanks" in the "Subject" so I can delete these quickly.
>>>>
>>>
>>>
>>
>
