howto use sasl
Alexander Dalloz
ad+lists at uni-x.org
Sun Mar 5 16:36:19 EST 2006
On Sun, 05.03.2006, julius Junghans wrote at 21:11:
> Thx for the documents, but as mentioned on the first page it's still
> difficult.
> /etc/sasl2/smtpd.conf
> #global
> pwcheck_method: sasldb
That is not proper with SASLv2. You must use
pwcheck_method: auxprop
auxprop_plugin: sasldb
But you can omit that, as it is the default and automatic fallback
backend method.
> log_level: 4
> mech_list: DIGEST-MD5
>
> #auxiliary plugin parameters
> #auxprop_plugin: sasldb
> sasldb_path: /etc/sasl2/sasldb2
>
> #not safe, testing only
> ls -lh /etc/sasl2/
> insgesamt 392K
> lrwxrwxrwx 1 root root 10 5. Mär 20:40 sample.conf -> smtpd.conf
> -rwxrwxrwx 1 root root 385K 5. Mär 20:45 sasldb2
Awful permissions! Secure the auth data in there by setting proper unix
permissions.
> -rwxrwxrwx 1 root root 265 5. Mär 20:52 smtpd.conf
>
>
> #my test user:
> saslpasswd2 -c sales -u schleppi.localdomain
>
> #/etc/hosts
> 192.168.10.66 schleppi.localdomain schleppi
>
>
> sasldblistusers2
> sales at schleppi.localhost: userPassword
>
>
>
> #client
> ./client -p 30000 localhost -m DIGEST-MD5
> receiving capability list... recv: {46}
> ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> send: {10}
> DIGEST-MD5
> send: {1}
> N
> recv: {113}
> nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess
According to your sasldb2 / saslpasswd your realm is
"schleppi.localdomain" and not "schleppi".
> please enter an authentication id: sales
> please enter an authorization id: sales
> Password:
> send: {231}
> username="sales",realm="schleppi",nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",cnonce="+/3GCg5O7oVdYW0PIEKX9t97CCUzbSRWoPbEMeHFk2s=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=8bd84aa26eb1d8b2eabe91a67ae33dbb
> authentication failed
> closing connection
>
>
> #server
> ./server -s rcmd -p 30000 -m DIGEST-MD5 ### what's this rcmd
> service? it's used in vortrag_cyrus_SASL.pdf
> trying 2, 1, 6
> trying 10, 1, 6
> socket: Address family not supported by protocol
> accepted new connection
> send: {10}
> DIGEST-MD5
> recv: {10}
> DIGEST-MD5
> recv: {1}
> N
> send: {113}
> nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess
> recv: {231}
> username="sales",realm="schleppi",nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",cnonce="YfLO87mIQCYN9MO2pegvY8oaFXk0xfMCT8Fuzxe/eJ8=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=2c38b9309e288dd75d866c5d3892d118
realm mismatch here too.
> performing SASL negotiation: user not foundclosing connection
>
>
> okay, so the user isn't found, why?
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 22:28:48 up 10 days, 17 users, load average: 0.11, 0.19,
0.18