Can't successfully test credentials I just created
Ann Onemouse
annonemouse at me.com
Mon Nov 17 14:37:37 EST 2008
Hello.
I am trying to get saslauthd to provide authentication services for
postfix, and I have a problem which I think is related only to
saslauthd. I have installed saslauthd 2.1.22-4 from RPM on a CentOS
5.2 xen virtual server:
===================
# uname -a
Linux myhost.mydomain.com 2.6.24-19-xen #1 SMP Sat Jul 12 00:15:59 UTC 2008 x86_64 x86_64 x86_64 GNU/Linux
# rpm -qi cyrus-sasl
Name        : cyrus-sasl                   Relocations: (not relocatable)
Version     : 2.1.22                            Vendor: CentOS
Release     : 4                             Build Date: Sun Jan 7 07:18:17 2007
...
===================
Then I start it up, and try to create a test user with credentials
testuser/testpass. I then get a list of the sasldb users, and it seems
correct. I also verify the location of the password database:
===================
# service saslauthd start
Starting saslauthd: [ OK ]
# echo "testpass" | saslpasswd2 -c testuser -p
# sasldblistusers2
testuser@myhost.mydomain.com: userPassword
# ls -l /etc/sasldb2
-rw-r----- 1 root postfix 12288 Nov 17 14:14 /etc/sasldb2
===================
So far, so good. At this point, I'd like to test the account I just
made, so...
===================
# testsaslauthd -u testuser -p testpass
0: NO "authentication failed"
# testsaslauthd -u testuser -r myhost.mydomain.com -p testpass
0: NO "authentication failed"
# testsaslauthd -u testuser@myhost.mydomain.com -p testpass
0: NO "authentication failed"
===================
Huh? What's up with that?
Next, I check to see what methods saslauthd might be using:
===================
# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
===================
OK -- it's using PAM. I don't really want this, because I don't want
these email credentials to be associated with a shell account. So I
check to see what methods are supported by my build...
===================
# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
===================
Which of these methods allows me to authenticate against the
credentials I just created using saslpasswd2? None of them seems to
work. At least, none of them seems to make
"testsaslauthd -u testuser -p testpass" run successfully. :(
What am I missing here?
Thanks,
- Ann
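
An added example, not part of the original post: testsaslauthd only exercises the backend saslauthd was started with, so this sketch parses the two outputs shown above and reports whether that backend can see accounts created with saslpasswd2. The sample inputs are constructed from the session in the post, the function names are hypothetical, and `sasldb` is assumed to be the backend name that saslauthd(8) documents as an optional compile-time mechanism.

```shell
#!/bin/sh
# Added example (not from the original post): can saslauthd, as configured,
# validate accounts that saslpasswd2 stored in /etc/sasldb2?

# Constructed sample inputs, taken from the session shown in the post.
SAMPLE_SYSCONFIG='SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords.
MECH=pam
FLAGS='
SAMPLE_VERSION='saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap'

# Print the value of the last uncommented MECH= line in a sysconfig text.
configured_mech() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*MECH=//p' | tail -n 1 | tr -d "\"'"
}

# Print the backends a build supports, one per line, from "saslauthd -v" text.
built_mechs() {
    printf '%s\n' "$1" | sed -n 's/^authentication mechanisms:[[:space:]]*//p' \
        | tr ' ' '\n' | sed '/^$/d'
}

# Exit 0 if the build lists a sasldb backend, 1 otherwise.
# Assumption: the backend is named "sasldb", as in saslauthd(8).
build_has_sasldb() {
    built_mechs "$1" | grep -qx 'sasldb'
}

# Report which credential store testsaslauthd is really exercising.
# $1 = sysconfig text, $2 = "saslauthd -v" text
diagnose() {
    mech=$(configured_mech "$1")
    if [ "$mech" = "sasldb" ] && build_has_sasldb "$2"; then
        echo "MECH=sasldb: testsaslauthd can verify saslpasswd2 accounts"
    elif build_has_sasldb "$2"; then
        echo "MECH=$mech: sasldb backend is compiled in but not selected"
    else
        echo "MECH=$mech: no sasldb backend in this build; testsaslauthd tests $mech, not /etc/sasldb2"
    fi
}

diagnose "$SAMPLE_SYSCONFIG" "$SAMPLE_VERSION"
```

On a live host, pass `"$(cat /etc/sysconfig/saslauthd)"` and `"$(saslauthd -v 2>&1)"` instead of the sample variables.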