How to? saslauthd strip domain
Igor Brezac
igor at ipass.net
Wed Apr 12 14:12:50 EDT 2006
On Wed, 12 Apr 2006, Netlink Tech wrote:
>
>
> On Wed, 12 Apr 2006, Igor Brezac wrote:
>
>>
>> On Wed, 12 Apr 2006, Netlink Tech wrote:
>>
>>> Hello,
>>> I have a FC5 x86_64 server with saslauthd 2.1.21, sendmail 8.13.6, etc.
>>> I have SMTP_auth working fine with 'user' using PAM.
>>> I would like to get it working with 'user at netlinkcom.com' using PAM.
>>>
>>> My saslauthd is started from initd with the following options:
>>> /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>>
>>> When I use testsaslauthd I get the following:
>>>
>>> [root]# testsaslauthd -u testuser -p test1234 -s smtp
>>> 0: OK "Success."
>>> [root]# testsaslauthd -u testuser at netlinkcom.com -p test1234 -s smtp
>>> 0: NO "authentication failed"
>>>
>>> Log file shows this on authentication failure:
>>> Apr 12 12:23:25 mighty saslauthd[31617]: do_auth : auth failure:
>>> [user=testuser at netlinkcom.com] [service=smtp] [realm=] [mech=pam]
>>> [reason=PAM auth error]
>>>
>>> How can I strip the domain before sending the auth request to PAM?
>>
>> It is done automatically by libsasl.
>>
>> --
>> Igor
>>
> That is what I thought when reading docs/archived lists, but it doesn't
> appear that it is doing it. I read that the -r option leaves the realm/domain
> intact...but I am not starting saslauthd with -r...so I expect that it WOULD
> strip off the domain.
> BUT, testsaslauthd fails auth and logfile shows PAM auth error.
> Doesn't that mean that it is in fact not stripping of the domain?
Nop... testsaslauthd does not use libsasl. It talks directly with
saslauthd. You can use sample/(client|server) if you want to simulate a
real sasl2 client.
--
Igor
More information about the Cyrus-sasl
mailing list