Re: postfix with SASL over PAM
Hi Rodi, Postfix is not in a chroot jail, and (I forgot to mention this) the user posftix is in the shadow group. Google only has questions on this subject, but not many answers... :( Thanks R.M. Evers wrote: Hi Jose, Maybe your smtpd (smtp/smtps) is chrooted? Check your master.cf for this. And for shadow auth you probably also have to add postfix to the shadow group.. Hope this helps :) Regards, -Rodi On Fri, 2003-08-29 at 00:19, Jose Alberto Guzman wrote: I'm trying to get posfix authenticate (for relaying purposes) users with SASL via PAM on woody. I've installed posftix, posftix-tls, libsasl and it´s modules. Following the READMEs, I can see that postfix does support SASL auth LOGIN and PLAIN mechanisms: 220 mybox.over.here ESMTP Postfix (Debian/GNU) EHLO localhost 250-mybox.over.here 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN 250-XVERP 250 8BITMIME But when I try to authenticate with plain (base64 encoded: 'user\0user\0password'), posfix complains with : postfix/smtpd[2134]: connect from localhost[127.0.0.1] postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf postfix/smtpd[2134]: PAM pam_start: failed to initialize handlers postfix/smtpd[2134]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed I've added the following lines to my working postfix's main.cf: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = check_relay_domains permit_mynetworks permit_sasl_authenticated And /etc/pam.d/smtp looks like: #%PAM-1.0 auth required pam_nologin.so auth required pam_unix.so auth required pam_env.so accountrequired pam_unix.so sessionrequired pam_unix.so sessionrequired pam_limits.so To be on the safe side, I also added the following lines to /etc/pam.conf smtpauth required pam_nologin.so smtpauth required pam_unix.so smtpauth required pam_env.so smtpaccountrequired pam_unix.so smtpsessionrequired pam_unix.so smtpsessionrequired pam_limits.so Both pam files are world readable. Also, the file /etc/postfix/sasl/smtpd.conf contains: pwcheck_method: pam and it's perms are: 0644 With sasl over shadow, it just warns: SASL PLAIN authentication failed. Has anyone managed to get woody's postfix to authenticate with sasl over pam? Thanks in advance José -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Radius Analysis Tools
Does anyone know of a ready-made script to other tool to scan radius logs and report stats like peak usage? I really don't feel like writing anything. Any pointers would be much appreciated. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix with SASL over PAM
## Jose Alberto Guzman ([EMAIL PROTECTED]): > But when I try to authenticate with plain (base64 encoded: > 'user\0user\0password'), posfix complains with : > postfix/smtpd[2134]: connect from localhost[127.0.0.1] > postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf Are you running smtpd chroooted? If you want to use SMTP-AUTH, it might be easier to un-chroot smtpd. Elsewhere you will have to copy a lot of files (especially for SASL). > Has anyone managed to get woody's postfix to authenticate with sasl > over pam? smtpd can't read /etc/shadow and tus PAM can't (PAM is a bunch of libraries). I used pwcheck (from sasl-bin, IIRC). Run pwcheck as root, it becomes a daemon. Then edit /etc/postfix/sasl/smtpd.conf, it should read "pwcheck_method: pwcheck". pwcheck uses an unix socket (/var/run/pwcheck/pwcheck by default), take care smtpd can access it (think of chroot). Regards, cmt -- Spare Space -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix with SASL over PAM
Hi Jose, Maybe your smtpd (smtp/smtps) is chrooted? Check your master.cf for this. And for shadow auth you probably also have to add postfix to the shadow group.. Hope this helps :) Regards, -Rodi On Fri, 2003-08-29 at 00:19, Jose Alberto Guzman wrote: > I'm trying to get posfix authenticate (for relaying purposes) users > with SASL via PAM on woody. > > I've installed posftix, posftix-tls, libsasl and it´s modules. > > Following the READMEs, I can see that postfix does support SASL auth > LOGIN and PLAIN mechanisms: > > 220 mybox.over.here ESMTP Postfix (Debian/GNU) > EHLO localhost > 250-mybox.over.here > 250-PIPELINING > 250-SIZE 1024 > 250-VRFY > 250-ETRN > 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN > 250-XVERP > 250 8BITMIME > > But when I try to authenticate with plain (base64 encoded: > 'user\0user\0password'), posfix complains with : > > > postfix/smtpd[2134]: connect from localhost[127.0.0.1] > postfix/smtpd[2134]: PAM _pam_init_handlers: could not open /etc/pam.conf > postfix/smtpd[2134]: PAM pam_start: failed to initialize handlers > postfix/smtpd[2134]: warning: localhost[127.0.0.1]: SASL PLAIN > authentication failed > > I've added the following lines to my working postfix's main.cf: > > smtpd_sasl_auth_enable = yes > smtpd_recipient_restrictions = check_relay_domains permit_mynetworks > permit_sasl_authenticated > > And /etc/pam.d/smtp looks like: > #%PAM-1.0 > auth required pam_nologin.so > auth required pam_unix.so > auth required pam_env.so > accountrequired pam_unix.so > sessionrequired pam_unix.so > sessionrequired pam_limits.so > > > To be on the safe side, I also added the following lines to /etc/pam.conf > > smtpauth required pam_nologin.so > smtpauth required pam_unix.so > smtpauth required pam_env.so > smtpaccountrequired pam_unix.so > smtpsessionrequired pam_unix.so > smtpsessionrequired pam_limits.so > > Both pam files are world readable. > > Also, the file /etc/postfix/sasl/smtpd.conf contains: > > pwcheck_method: pam > > and it's perms are: 0644 > >With sasl over shadow, it just warns: SASL PLAIN authentication failed. > > Has anyone managed to get woody's postfix to authenticate with sasl > over pam? > > > > Thanks in advance > > > José -- Met vriendelijke groet / Kind regards, Rodi Evers ([EMAIL PROTECTED]) HBH Automatisering B.V. Koningslaan 30, 1075 AD Amsterdam, The Netherlands. Phone : +31 20 662 41 45 Fax: +31 20 676 44 78 -- -- De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde. Gebruik van deze informatie door anderen dan de geadresseerde is verboden. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is niet toegestaan. Horlings, Brouwer & Horlings staat niet in voor de juiste en volledige overbrenging van de inhoud van een verzonden e-mail, noch voor tijdige ontvangst daarvan. Website: http://www.hbh-it.nl/ -- -- The information contained in this communication is confidential and may be legally privileged. It is intented solely for the use of the individual orentity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. Horlings, Brouwer & Horlings is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. Website: http://www.hbh-it.nl/ -- -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]