Sendmail authentication fails using SASL2
Dan White
dwhite at olp.net
Wed Jul 16 00:12:31 EDT 2008
Also,
The 'smtptest' app is a good tool for testing authentication
(part of cyrus imapd).
Also, if you haven't already, check our your auth.log in addition
to your syslog/messages log.
I don't know if it's against syntax, but I haven't seen entries
like this without a space before:
pwcheck_method:saslauthd
I put a space after the colon:
pwcheck_method: saslauthd
- Dan
Scott Likens wrote:
> Simple test,
>
> telnet localhost 25
> ehlo whatever
>
> which plugins do you see listed, LOGIN? PLAIN? CRAM-MD5? DIGEST-MD5 NTLM?
>
> Verify you are using the proper mech, and verify your sendmail is setup
> for authentication properly, perhaps post your MC that you have for
> Sendmail?
>
> On Jul 15, 2008, at 6:58 PM, RescuNET.com wrote:
>
>> I'm using openssl, saslauthd and sendmail as installed during a recent
>> CentOS5 upgrade. I've verified that sendmail was compiled with SASLv2
>> and STARTTLS support. I configured TLS certs and had them signed by
>> cacert.org... I configured sendmail to use them.
>>
>> # cat /usr/lib/sasl2/Sendmail.conf
>> pwcheck_method:saslauthd
>> mech_list:login plain
>> saslauthd_path:/var/run/saslauthd/
>>
>> # cat /etc/sysconfig/saslauthd
>> SOCKETDIR=/var/run/saslauthd
>> MECH=shadow
>>
>> I verified that saslauthd can authenticate against the /etc/shadow
>> using testsaslauthd:
>> [root at dal-rh03 mail]# testsaslauthd -u test -p xxxx1234
>> 0: OK "Success."
>>
>> I start saslauthd in debug mode with:
>> saslauthd -m /var/run/saslauthd -a shadow -d
>>
>> MUA with TLS support initiates a connection and receives the server
>> certificate correctly. Then the password is sent...
>>
>> Sendmail throws:
>> sendmail[12605]: m6FJ5aUj012605: AUTH failure (LOGIN): generic failure
>> (-1) SASL(-1): generic failure: checkpass failed
>>
>> There's no output from saslauthd that sendmail even made a connection.
>>
>> I've beat my head against a wall and Google for 2 weeks in every
>> direction and I cannot find any configuration problems. I'm also at
>> the extent of my knowledge debugging sasl2. How can I trace the
>> connection between sendmail and saslauthd?
>> !DSPAM:487d5c0582341804284693!
>
More information about the Cyrus-sasl
mailing list