Hi there,

remember having a similar issue with saslauthd and cut off user names.

Postfix doc has the proper info

http://www.postfix.org/SASL_README.html

%u -     The name of the user whose properties are being selected.
%r -     The name of the realm to which the user belongs. This could be the KERBEROS realm, the fully-qualified domain name of the computer the SASL application is running on, or the domain after the "@" in a username.

sql_select: SELECT password FROM users WHERE user = '%u@%r'

best of luck ;)

Greetings
Becki






On 17.04.2020 at 21:43, N KN wrote:
Hi,

I'm setting up a mail server with postfix and dovecot. For SMTP, I want to use saslauthd with a MySQL backend for which I installed the pam_mysql library, I'm trying to configure it but there's no luck.

My table schema (users) has 3 columns:

    e-mail, password, quota

My /etc/pam.d/smtp configuration is:

auth required pam_mysql.so user=postfix passwd=... host=127.0.0.1 db=postfix table=users usercolumn=email passwdcolumn=password crypt=2
account sufficient pam_mysql.so user=postfix passwd=... host=127.0.0.1 db=postfix table=users usercolumn=email passwdcolumn=password crypt=2

However, saslauthd fails on authentication:

    Apr 17 21:20:48 X saslauthd[12714]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
    Apr 17 21:20:48 X saslauthd[12714]:                 : auth failure: [user=mike] [service=smtp] [realm=domain.com] [mech=pam] [reason=PAM auth error]

I can see that the problem relies on saslauthd using "mike" as the username instead of "m...@domain.com", which is the actual record in the database for the "email" column.

Is there a way to tell saslauthd to use the full username (including domain) for the MySQL lookup?

My postfix configuration is like this:

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous

My saslauthd configuration is like this:

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

I'd be very grateful if someone could shed some light on it.

Thanks.
