howto use sasl
Patrick Ben Koetter
p at state-of-mind.de
Sun Mar 5 16:34:07 EST 2006
* julius Junghans <julius.junghans at gmx.de>:
> Thx for the documents, but as mentioned on the first page it's still
> difficult.
>
>
>
> /etc/sasl2/smtpd.conf
> #global
> pwcheck_method: sasldb
> log_level: 4
> mech_list: DIGEST-MD5

Cyrus-SASL.2.x doesn't know a pwcheck_method called sasldb.
Try this:

/etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasl2/sasldb2
# you can add all the following mechanisms if you want to:
mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5

BTW: Which system uses /etc/sasl2/ as path for smtpd.conf? Usually it's either
/usr/lib/sasl2/smtpd.conf or /etc/postfix/sasl/smtpd.conf (on Debian systems).

> #auxiliary plugin parameters
> #auxprop_plugin: sasldb
> sasldb_path: /etc/sasl2/sasldb2
>
> #not safe, testing only
> ls -lh /etc/sasl2/
> insgesamt 392K
> lrwxrwxrwx 1 root root 10 5. Mär 20:40 sample.conf -> smtpd.conf
> -rwxrwxrwx 1 root root 385K 5. Mär 20:45 sasldb2
> -rwxrwxrwx 1 root root 265 5. Mär 20:52 smtpd.conf
>
>
> #my test user:
> saslpasswd2 -c sales -u schleppi.localdomain
Does this create sasldb2 in /etc/sasl2/?
> #/etc/hosts
> 192.168.10.66 schleppi.localdomain schleppi
>
>
> sasldblistusers2
> sales at schleppi.localhost: userPassword
>
>
>
> #client
> ./client -p 30000 localhost -m DIGEST-MD5
> receiving capability list... recv: {46}
> ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> send: {10}
> DIGEST-MD5
> send: {1}
> N
> recv: {113}
> nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess
> please enter an authentication id: sales
Should be: sales at schleppi.localhost
> please enter an authorization id: sales
Should be: sales at schleppi.localhost
> Password:
> send: {231}
> username="sales",realm="schleppi",nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",cnonce="+/3GCg5O7oVdYW0PIEKX9t97CCUzbSRWoPbEMeHFk2s=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=8bd84aa26eb1d8b2eabe91a67ae33dbb
> authentication failed
> closing connection
>
>
> #server
> ./server -s rcmd -p 30000 -m DIGEST-MD5 ### what's this rcmd
> service? it's used in vortrag_cyrus_SASL.pdf
rcmd = remote command
At least that's what I have been told. ;)
> trying 2, 1, 6
> trying 10, 1, 6
> socket: Address family not supported by protocol
> accepted new connection
> send: {10}
> DIGEST-MD5
> recv: {10}
> DIGEST-MD5
> recv: {1}
> N
> send: {113}
> nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess
> recv: {231}
> username="sales",realm="schleppi",nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",cnonce="YfLO87mIQCYN9MO2pegvY8oaFXk0xfMCT8Fuzxe/eJ8=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=2c38b9309e288dd75d866c5d3892d118
> performing SASL negotiation: user not foundclosing connection
>
>
> okay, so the user isn't found, why?
Fix your configuration, check the path for smtpd.conf and post new output if
it still fails.
p at rick
--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
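
The realm mismatch discussed in this message, as an added example that is not part of the original post and is not Cyrus SASL code: it computes the DIGEST-MD5 response as defined in RFC 2831 (algorithm=md5-sess, qop=auth, no authzid) and checks it against a store keyed on user and realm, the way `sasldblistusers2` lists entries. The `SASLDB` dictionary, its password, and the function names are constructed for illustration; the nonce, cnonce and digest-uri are copied from the server log quoted above.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 response value for algorithm=md5-sess, no authzid."""
    # The realm is hashed together with user and password, so it has to be
    # the same realm the secret was stored under.
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

# Constructed stand-in for sasldb2, keyed on (user, realm).
# The password is made up for this example.
SASLDB = {("sales", "schleppi.localhost"): "constructed-password"}

def server_verify(fields, sasldb=SASLDB):
    """Simplified server-side check: look up the secret, recompute, compare."""
    password = sasldb.get((fields["username"], fields["realm"]))
    if password is None:
        return "user not found"
    expected = digest_md5_response(
        fields["username"], fields["realm"], password, fields["nonce"],
        fields["cnonce"], fields["nc"], fields["digest-uri"], fields["qop"])
    if hmac.compare_digest(expected, fields["response"]):
        return "ok"
    return "authentication failed"

def client_fields(user, realm, password):
    """Build the digest-response fields a client would send."""
    f = {"username": user, "realm": realm, "nc": "00000001", "qop": "auth",
         "nonce": "xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",
         "cnonce": "YfLO87mIQCYN9MO2pegvY8oaFXk0xfMCT8Fuzxe/eJ8=",
         "digest-uri": "rcmd/localhost"}
    f["response"] = digest_md5_response(user, realm, password, f["nonce"],
                                        f["cnonce"], f["nc"], f["digest-uri"])
    return f

if __name__ == "__main__":
    # Same user and password, two realms: only the stored realm is found.
    for realm in ("schleppi", "schleppi.localhost"):
        fields = client_fields("sales", realm, "constructed-password")
        print(realm, "->", server_verify(fields))
```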