Can't successfully test credentials I just created
Patrick Ben Koetter
p at state-of-mind.de
Mon Nov 17 17:01:01 EST 2008
* Ann Onemouse <annonemouse at me.com>:
> Hello, Dan, and other SASL experts.
>
> A quick update: I have decided to try using SASL's PAM mechanism, since
> that's what seems to be set up by default.
>
> So, I rebuilt my system from scratch (it's just a Xen VM, after all),
> and installed all cyrus-sasl RPMs:
> ==================================
> cyrus-sasl-ldap-2.1.22-4
> cyrus-sasl-devel-2.1.22-4
> cyrus-sasl-plain-2.1.22-4
> cyrus-sasl-ntlm-2.1.22-4
> cyrus-sasl-sql-2.1.22-4
> cyrus-sasl-plain-2.1.22-4
> cyrus-sasl-ntlm-2.1.22-4
> cyrus-sasl-ldap-2.1.22-4
> cyrus-sasl-lib-2.1.22-4
> cyrus-sasl-2.1.22-4
> cyrus-sasl-lib-2.1.22-4
> cyrus-sasl-sql-2.1.22-4
> cyrus-sasl-gssapi-2.1.22-4
> cyrus-sasl-md5-2.1.22-4
> cyrus-sasl-devel-2.1.22-4
> cyrus-sasl-2.1.22-4
> cyrus-sasl-md5-2.1.22-4
> cyrus-sasl-gssapi-2.1.22-4
> ==================================
>
> When I start up SASL with "service saslauthd start", here's what's
> running:
> ==================================
> [root at emailrelay ~]# ps auxwww | grep sasl
> root 4828 0.0 0.3 46648 804 ? Ss 16:10 0:00 /usr/
> sbin/saslauthd -m /var/run/saslauthd -a pam
> ==================================
> It's using PAM, right? It should work with any shell account I create,
> right?
>
> So, I create a regular Unix shell account, set the password to '1234',
> and verify that I can log in as the user in question.
> ==================================
> ann at some-other-host:~> ssh relay at emailrelay.mydomain.com
> relay at emailrelay.mydomain.com's password: [ here I type '1234' ]
> Last login: Mon Nov 17 16:06:15 2008 from xxx.xxx.xxx.xxx
> [relay at emailrelay ~]$
> ==================================
> OK, shell login works. Later, if I can get this working, I will set the
> shell to "/sbin/nologin".
>
>
> Now, at this point, SASL should authenticate against these credentials
> with no problem, right? So, why won't this work?
> ==================================
> [root at emailrelay ~]# testsaslauthd -u relay -p 1234
> 0: NO "authentication failed"
> ==================================
> and from /var/log/messages...
> ==================================
> Nov 17 16:47:49 emailrelay saslauthd[4831]: do_auth : auth
> failure: [user=relay] [service=imap] [realm=] [mech=pam] [reason=PAM
> auth error]
> ==================================

Specify the service_name 'smtp' if you want to test SMTP AUTH setup with PAM:

# testsaslauthd -s smtp -u relay -p 1234

This tells PAM to use settings from /etc/pam.d/smtp and not from
/etc/pam.d/imap (if this file exists at all).

p at rick

>
> OK, now I'm really baffled. Is the testsaslauthd broken? Am I using it
> incorrectly? What does the [service=imap] mean?
>
> This use case seems dead simple, but is not working. :(
>
> Thanks for any insights,
> - Ann
>
>
>
--
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
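
Added example, not part of the original message: a shell helper that reads a saslauthd auth-failure line like the one quoted above, pulls out the [service=...] field, and reports which PAM policy file governed that attempt. The function names and the optional directory argument are hypothetical, the sample line is the thread's log entry joined onto one line, and the fallback to a file named "other" is standard Linux-PAM behaviour that the thread itself does not mention.

```shell
#!/bin/sh
# Added example: map a saslauthd do_auth log line to the PAM file that was consulted.

# Log line from the thread, re-joined onto one line (timestamp and PID as posted).
SAMPLE_LOG='Nov 17 16:47:49 emailrelay saslauthd[4831]: do_auth : auth failure: [user=relay] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]'

# Print the value of a [key=value] field from a saslauthd log line.
# usage: sasl_field <key> <log line>
sasl_field() {
    printf '%s\n' "$2" | sed -n "s/.*\[$1=\([^]]*\)].*/\1/p"
}

# Print the PAM service file that applies to the attempt in a log line.
# usage: pam_file_for_log <log line> [pam directory, default /etc/pam.d]
pam_file_for_log() {
    line=$1
    dir=${2:-/etc/pam.d}
    mech=$(sasl_field mech "$line")
    svc=$(sasl_field service "$line")

    # Only the pam mechanism consults per-service PAM files.
    [ "$mech" = "pam" ] || { echo "not-pam:$mech"; return 1; }
    [ -n "$svc" ] || { echo "no-service"; return 1; }

    if [ -f "$dir/$svc" ]; then
        echo "$dir/$svc"
    elif [ -f "$dir/other" ]; then
        # Linux-PAM applies the 'other' policy when no service file exists.
        echo "$dir/other"
    else
        echo "missing:$dir/$svc"
        return 1
    fi
}

# Show which file applied to the logged attempt on this host.
echo "service: $(sasl_field service "$SAMPLE_LOG")"
echo "policy:  $(pam_file_for_log "$SAMPLE_LOG" || true)"
```

Running it against a line logged with `-s smtp` shows whether /etc/pam.d/smtp exists or whether a different policy file is being applied to SMTP AUTH.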