How to? saslauthd strip domain

Igor Brezac igor at ipass.net
Wed Apr 12 14:12:50 EDT 2006


On Wed, 12 Apr 2006, Netlink Tech wrote:

>
>
> On Wed, 12 Apr 2006, Igor Brezac wrote:
>
>> 
>> On Wed, 12 Apr 2006, Netlink Tech wrote:
>> 
>>> Hello,
>>> I have a FC5 x86_64 server with saslauthd 2.1.21, sendmail 8.13.6, etc.
>>> I have SMTP_auth working fine with 'user' using PAM.
>>> I would like to get it working with 'user at netlinkcom.com' using PAM.
>>> 
>>> My saslauthd is started from initd with the following options:
>>> /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>> 
>>> When I use testsaslauthd I get the following:
>>> 
>>> [root]# testsaslauthd -u testuser -p test1234 -s smtp
>>> 0: OK "Success."
>>> [root]# testsaslauthd -u testuser at netlinkcom.com -p test1234 -s smtp
>>> 0: NO "authentication failed"
>>> 
>>> Log file shows this on authentication failure:
>>> Apr 12 12:23:25 mighty saslauthd[31617]: do_auth         : auth failure: 
>>> [user=testuser at netlinkcom.com] [service=smtp] [realm=] [mech=pam] 
>>> [reason=PAM auth error]
>>> 
>>> How can I strip the domain before sending the auth request to PAM?
>> 
>> It is done automatically by libsasl.
>> 
>> -- 
>> Igor
>> 
> That is what I thought when reading docs/archived lists, but it doesn't 
> appear that it is doing it. I read that the -r option leaves the realm/domain 
> intact...but I am not starting saslauthd with -r...so I expect that it WOULD 
> strip off the domain.
> BUT, testsaslauthd fails auth and logfile shows PAM auth error.
> Doesn't that mean that it is in fact not stripping of the domain?

Nop...  testsaslauthd does not use libsasl.  It talks directly with 
saslauthd.  You can use sample/(client|server) if you want to simulate a 
real sasl2 client.

-- 
Igor


More information about the Cyrus-sasl mailing list