SASL2, sendmail, pam, auth failed

Alex dermannda at web.de
Fri Jul 14 08:53:24 EDT 2006


hello,

well, to put it briefly, i can't get sendmail to authentificate,
although i made all by the book (..i think)
so,i use a sendmail DUAL configuration with amavisd

-------------------------------------------------------------------------------
# sendmail -d0.1
Version 8.13.6
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NDBM NETINET NETINET6 NETUNIX NIS NISPLUS
PIPELINING
                SASLv2 SCANF STARTTLS XDEBUG
-------------------------------------------------------------------------------
on a
-------------------------------------------------------------------------------
#uname -a
SunOS name 5.10 Generic_118822-25 sun4u sparc SUNW,Ultra-4
--------------------------------------------------------------------------------


here are some config files/outputs:


---------------------------------------------------------------------------------
#less sendmail-rx.mc
...
define(`confLOG_LEVEL', `13')
...
dnl  AUTH
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl

dnl  Weitervermittlung erlauben, WENN der Host sich erfolgreich
authentifiziert hat
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

dnl  p-PLAIN/LOGIN nur dann anbieten, wenn SSL/TLS aktiv ist
dnl  y- anonymous-login verbieten
define(`confAUTH_OPTIONS', `A y')dnl
...
-----------------------------------------------------------------------------------



-----------------------------------------------------------------------------------
root   311     1   0 13:48:28 ?           0:00 /opt/csw/sbin/saslauthd
-a pam
    root   313   311   0 13:48:28 ?
0:00 /opt/csw/sbin/saslauthd -a pam
    root   312   311   0 13:48:28 ?
0:00 /opt/csw/sbin/saslauthd -a pam
    root   314   311   0 13:48:28 ?
0:00 /opt/csw/sbin/saslauthd -a pam
    root   315   311   0 13:48:28 ?
0:00 /opt/csw/sbin/saslauthd -a pam
------------------------------------------------------------------------------------



------------------------------------------------------------------------------------
#less Sendmail.conf
pwcheck_method:saslauthd
mech_list: LOGIN PLAIN
saslauthd_path:/var/opt/csw/saslauthd
------------------------------------------------------------------------------------

------------------------------------------------------------------------------------
ll /var/opt/csw/saslauthd
Gesamt 6
drwxrws---   2 root     sasl         512 Jul 13 13:48 ./
drwxr-xr-x   3 root     bin          512 Jul  7 16:12 ../
srwxrwxrwx   1 root     sasl           0 Jul 13 13:48 mux=
-rw-------   1 root     sasl           0 Jul 13 13:48 mux.accept
-rw-------   1 root     sasl           4 Jul 13 13:48 saslauthd.pid
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
# ldd /usr/lib/sendmail
        libsasl2.so.2 =>         /usr/lib/libsasl2.so.2
        libresolv.so.2 =>        /lib/libresolv.so.2
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libc.so.1 =>     /lib/libc.so.1
        libdl.so.1 =>    /lib/libdl.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        libmd5.so.1 =>   /lib/libmd5.so.1
        libscf.so.1 =>   /lib/libscf.so.1
        libdoor.so.1 =>  /lib/libdoor.so.1
        libuutil.so.1 =>         /lib/libuutil.so.1
        libm.so.2 =>     /lib/libm.so.2
--------------------------------------------------------------------------------------



---------------------------------------------------------------------------------------
#testsaslauthd -u user -p pass
0: OK "Success."
---------------------------------------------------------------------------------------

when i try to authentificate (via sendmail) i get:


---------------------------------------------------------------------------------------
mta-rx: [ID 801593 mail.error] k6DCm1ID002220: AUTH failure (PLAIN):
generic failure (-1) SASL(-1): generic failure: Password verification
failed
---------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------
mta-rx: [ID 801593 mail.warning] k6DCnNJu002290: AUTH failure (LOGIN):
generic failure (-1) SASL(-1): generic failure: checkpass failed
---------------------------------------------------------------------------------------

it looks like sendmail doesnt see saslauthd (?!)


i've started saslauthd in debug mode and
when i run testsaslauthd, i get

----------------------------------------------------------------------------------------
# saslauthd -a pam -d
saslauthd[12076] :main            : num_procs  : 5
saslauthd[12076] :main            : mech_option: NULL
saslauthd[12076] :main            : run_path   : /var/opt/csw/saslauthd
saslauthd[12076] :main            : auth_mech  : pam
saslauthd[12076] :ipc_init        : using accept lock
file: /var/opt/csw/saslauthd/mux.accept
saslauthd[12076] :detach_tty      : master pid is: 0
saslauthd[12076] :ipc_init        : listening on
socket: /var/opt/csw/saslauthd/mux
saslauthd[12076] :main            : using process model
saslauthd[12076] :have_baby       : forked child: 12077
saslauthd[12076saslauthd[] :have_baby       12077: forked child:
12078] :
get_accept_lock : acquired accept lock
saslauthd[12076] :have_baby       : forked child: 12079
saslauthd[12076] :have_baby       : forked child: 12080
saslauthd[12077] :rel_accept_lock : saslauthd[released accept lock
12078] :get_accept_lock : acquired accept lock
saslauthd[12077] :do_auth         : auth success: [user=user]
[service=imap] [realm=] [mech=pam]
saslauthd[12077] :do_request      : response: OK
-------------------------------------------------------------------------------------------

when i try to authentificate via sendmail, nothing happens .....
doesn't sendmail know from saslauthd (?!)

Can anyone help me?

Thanks!
Alex Thor.










More information about the Cyrus-sasl mailing list