postfix + cyrus-sasl + PAM + pam_ruby
David van Geest
davidv at spindance.com
Wed Jul 22 17:00:12 EDT 2009
Sean O'Malley wrote:
> try:
> testsaslauthd -u username -p password -r "127.0.0.1;234" -s servicename
>
> (the -r flag probably isn't needed, i believe it specifies the realm
> name.)
>
> This should test saslauthd and your pam configuration.
>
> I believe on redhat they called it cyrus-testsaslauthd or something along
> those lines if it is included.
>
> If that works, you know your backend is configured correctly.
>
> I would probably try it with pam_unix and a local account if that doesnt
> work, just to see if the problem is with your pam stack or with the pam
> module.
>
>
Thanks Sean. On my CentOS 5.2 system it's testsaslauthd:
-bash-3.2# testsaslauthd -u <local_user> -p <pass> -r "127.0.0.1;234" -s
system-auth
0: OK "Success."
However, using pam_ruby:
-bash-3.2# testsaslauthd -u <user> -p <pass> -r "127.0.0.1;234" -s smtp
0: NO "authentication failed"
/var/log/messages has:
Jul 22 16:44:10 ip-10-251-215-230 saslauthd[6419]: do_auth :
auth failure: [user=test] [service=smtp] [realm=127.0.0.1;234]
[mech=pam] [reason=PAM auth error]
I'm assuming this means everything is ok up to my /etc/pam.d/smtp
file.... anywhere else I can look for more details on any PAM errors or
errors with pam_ruby?
However, playing around a bit more with sasl2-sample-server/client I get
different results:
sasl2-sample-server -s system-auth -p8000
......
performing SASL negotiation: user not foundclosing connection
sasl2-sample-client -s system-auth -p 8000 -m LOGIN localhost
receiving capability list... recv: {53}
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: <user>
Password:
send: {4}
<user>
recv: {9}
Password:
send: {9}
<password>
authentication failed
closing connection
-David
More information about the Cyrus-sasl
mailing list