postfix + cyrus-sasl + PAM + pam_ruby

David van Geest davidv at spindance.com
Wed Jul 22 17:00:12 EDT 2009


Sean O'Malley wrote:
> try:
> testsaslauthd -u username -p password -r "127.0.0.1;234" -s servicename
>
> (the -r flag probably isn't needed, I believe it specifies the realm
> name.)
>
> This should test saslauthd and your pam configuration.
>
> I believe on Red Hat they called it cyrus-testsaslauthd or something along
> those lines if it is included.
>
> If that works, you know your backend is configured correctly.
>
> I would probably try it with pam_unix and a local account if that doesn't
> work, just to see if the problem is with your pam stack or with the pam
> module.
>
>   
Thanks Sean.  On my CentOS 5.2 system it's testsaslauthd:

-bash-3.2# testsaslauthd -u <local_user> -p <pass> -r "127.0.0.1;234" -s system-auth
0: OK "Success."

However, using pam_ruby:

-bash-3.2# testsaslauthd -u <user> -p <pass> -r "127.0.0.1;234" -s smtp
0: NO "authentication failed"

/var/log/messages has:

Jul 22 16:44:10 ip-10-251-215-230 saslauthd[6419]: do_auth         : auth failure: [user=test] [service=smtp] [realm=127.0.0.1;234] [mech=pam] [reason=PAM auth error]

I'm assuming this means everything is ok up to my /etc/pam.d/smtp 
file.... anywhere else I can look for more details on any PAM errors or 
errors with pam_ruby?

However, playing around a bit more with sasl2-sample-server/client I get 
different results:
sasl2-sample-server -s system-auth -p8000
......
performing SASL negotiation: user not foundclosing connection


sasl2-sample-client -s system-auth -p 8000 -m LOGIN localhost
receiving capability list... recv: {53}
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: <user>
Password:
send: {4}
<user>
recv: {9}
Password:
send: {9}
<password>
authentication failed
closing connection

-David
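
An added example, not part of the original message: a small Python parser for the saslauthd "auth failure" line quoted above, which re-joins wrapped syslog records, extracts the bracketed fields, and names the PAM service file that the failing service maps to. The sample log is constructed from the line in the post plus one unrelated line; the function names and the /etc/pam.d/ directory (taken from the post's /etc/pam.d/smtp) are assumptions.

```python
import re

# Constructed sample: the /var/log/messages entry from the post, wrapped as
# in the mail, followed by one unrelated (constructed) syslog line.
SAMPLE_LOG = """\
Jul 22 16:44:10 ip-10-251-215-230 saslauthd[6419]: do_auth         :
auth failure: [user=test] [service=smtp] [realm=127.0.0.1;234]
[mech=pam] [reason=PAM auth error]
Jul 22 16:44:11 ip-10-251-215-230 crond[6500]: (root) CMD (run-parts /etc/cron.hourly)
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FAILURE = re.compile(
    r"saslauthd\[\d+\]: do_auth\s*:\s*auth failure:\s*(?P<fields>(?:\[[^\]]*\]\s*)+)"
)
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def unwrap(text):
    """Join continuation lines (no syslog timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records


def auth_failures(text):
    """Return one dict of fields per saslauthd auth failure record."""
    failures = []
    for record in unwrap(text):
        match = FAILURE.search(record)
        if not match:
            continue
        fields = dict(FIELD.findall(match.group("fields")))
        service = fields.get("service", "")
        # With mech=pam the service name selects the PAM stack; the directory
        # is an assumption. Only plain names are mapped to a path.
        if fields.get("mech") == "pam" and re.fullmatch(r"[\w-]+", service):
            fields["pam_file"] = "/etc/pam.d/" + service
        failures.append(fields)
    return failures


if __name__ == "__main__":
    for failure in auth_failures(SAMPLE_LOG):
        print(failure)
```
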








More information about the Cyrus-sasl mailing list