Re: SMTP-AUTH *without* SASL/PAM?
Barney Desmond wrote: 2009/10/30 Seth Mattinen se...@rollernet.us: Keith Palmer wrote: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. Use the dovecot auth method. In spite of the name in the docs, no SASL is involved whatsoever. I run dovecot on a few servers with all the pop3/imap parts disabled just for auth. Uh, it *is* still SASL, unless I've misunderstood that. To clarify: there is no way to avoid using SASL. SASL is the protocol that Postfix uses to ask Someone Else for authentication. Postfix supports no other authentication mechanisms. (the fact that the only SASL backends in existence (basically) are POP/IMAP servers is what usually confuses people). If you have no particular requirements or existing configuration, installing Dovecot and using it as your SASL backend is the easiest way to go. Well sure, but my point was that Dovecot auth doesn't have the normal hassle of cyrus sasl so one shouldn't think of it as the same potential evil. ~Seth
SMTP-AUTH *without* SASL/PAM?
Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? We're trying to keep things simple here, and I'd really rather prefer to just have Postfix do lookups in a text file or straight from the unix accounts for SMTP-AUTH. Is it do-able? -- - Keith Palmer ke...@academickeys.com http://www.AcademicKeys.com/
Re: SMTP-AUTH *without* SASL/PAM?
Keith Palmer wrote: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. Use the dovecot auth method. In spite of the name in the docs, no SASL is involved whatsoever. I run dovecot on a few servers with all the pop3/imap parts disabled just for auth. ~Seth
Re: SMTP-AUTH *without* SASL/PAM?
2009/10/30 Seth Mattinen se...@rollernet.us: Keith Palmer wrote: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. Use the dovecot auth method. In spite of the name in the docs, no SASL is involved whatsoever. I run dovecot on a few servers with all the pop3/imap parts disabled just for auth. Uh, it *is* still SASL, unless I've misunderstood that. To clarify: there is no way to avoid using SASL. SASL is the protocol that Postfix uses to ask Someone Else for authentication. Postfix supports no other authentication mechanisms. (the fact that the only SASL backends in existence (basically) are POP/IMAP servers is what usually confuses people). If you have no particular requirements or existing configuration, installing Dovecot and using it as your SASL backend is the easiest way to go.
Re: SMTP-AUTH *without* SASL/PAM?
* Keith Palmer ke...@academickeys.com: OK, thanks... but that doesn't answer my question. Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? I'd like to *not run SASL at all* rather than have it do the lookups. -- - Keith Palmer ke...@academickeys.com http://www.AcademicKeys.com/ On Thu, October 29, 2009 10:31 am, Patrick Ben Koetter wrote: * Keith Palmer ke...@academickeys.com: Is it possible to configure Postfix for SMTP-AUTH *without* using SASL/PAM? We're trying to keep things simple here, and I'd really rather prefer to just have Postfix do lookups in a text file or straight from the unix accounts for SMTP-AUTH. Reading straight from the UNIX accounts requires special privileges. This is against the Postfix security model. The Cyrus SASL password verification service saslauthd can run with the required special privileges and therefore may act as a mediator. As others have written, Postfix does not implement a SASL itself. It either relies on Dovecot SASL or on Cyrus SASL. Both implementations provide server-side AUTH, while only Cyrus SASL also provides Postfix client-side AUTH capabilities. p...@rick Look into this: # saslauthd -a shadow Is it do-able? -- - Keith Palmer ke...@academickeys.com http://www.AcademicKeys.com/ -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
