Sendmail authentication fails using SASL2

Dan White dwhite at olp.net
Wed Jul 16 00:12:31 EDT 2008


Also,

The 'smtptest' app is a good tool for testing authentication 
(part of cyrus imapd).

Also, if you haven't already, check our your auth.log in addition 
to your syslog/messages log.

I don't know if it's against syntax, but I haven't seen entries 
like this without a space before:

pwcheck_method:saslauthd

I put a space after the colon:

pwcheck_method: saslauthd

- Dan

Scott Likens wrote:
> Simple test,
> 
> telnet localhost 25
> ehlo whatever
> 
> which plugins do you see listed, LOGIN? PLAIN? CRAM-MD5? DIGEST-MD5 NTLM?
> 
> Verify you are using the proper mech, and verify your sendmail is setup 
> for authentication properly, perhaps post your MC that you have for 
> Sendmail?
> 
> On Jul 15, 2008, at 6:58 PM, RescuNET.com wrote:
> 
>> I'm using openssl, saslauthd and sendmail as installed during a recent 
>> CentOS5 upgrade. I've verified that sendmail was compiled with SASLv2 
>> and STARTTLS support. I configured TLS certs and had them signed by 
>> cacert.org... I configured sendmail to use them.
>>
>> # cat /usr/lib/sasl2/Sendmail.conf
>> pwcheck_method:saslauthd
>> mech_list:login plain
>> saslauthd_path:/var/run/saslauthd/
>>
>> # cat /etc/sysconfig/saslauthd
>> SOCKETDIR=/var/run/saslauthd
>> MECH=shadow
>>
>> I verified that saslauthd can authenticate against the /etc/shadow 
>> using testsaslauthd:
>> [root at dal-rh03 mail]# testsaslauthd -u test -p xxxx1234
>> 0: OK "Success."
>>
>> I start saslauthd in debug mode with:
>> saslauthd -m /var/run/saslauthd -a shadow -d
>>
>> MUA with TLS support initiates a connection and receives the server 
>> certificate correctly. Then the password is sent...
>>
>> Sendmail throws:
>> sendmail[12605]: m6FJ5aUj012605: AUTH failure (LOGIN): generic failure 
>> (-1) SASL(-1): generic failure: checkpass failed
>>
>> There's no output from saslauthd that sendmail even made a connection.
>>
>> I've beat my head against a wall and Google for 2 weeks in every 
>> direction and I cannot find any configuration problems. I'm also at 
>> the extent of my knowledge debugging sasl2. How can I trace the 
>> connection between sendmail and saslauthd?
>> !DSPAM:487d5c0582341804284693!
> 



More information about the Cyrus-sasl mailing list