postfix + cyrus-sasl + PAM + pam_ruby
Sean O'Malley
omalleys at msu.edu
Thu Jul 23 09:27:55 EDT 2009
On Wed, 22 Jul 2009, David van Geest wrote:
> Thanks Sean. On my CentOS 5.2 system it's testsaslauthd:
>
> -bash-3.2# testsaslauthd -u <local_user> -p <pass> -r "127.0.0.1;234" -s
> system-auth
> 0: OK "Success."
>
> However, using pam_ruby:
>
> -bash-3.2# testsaslauthd -u <user> -p <pass> -r "127.0.0.1;234" -s smtp
> 0: NO "authentication failed"
>
> /var/log/messages has:
>
> Jul 22 16:44:10 ip-10-251-215-230 saslauthd[6419]: do_auth :
> auth failure: [user=test] [service=smtp] [realm=127.0.0.1;234]
> [mech=pam] [reason=PAM auth error]
>
> I'm assuming this means everything is ok up to my /etc/pam.d/smtp
> file.... anywhere else I can look for more details on any PAM errors or
> errors with pam_ruby?
Try adding the debug flag to it ie in your pam.d/smtp file (it is usually
supported and it logs to like /var/log/debug or wherever syslog is making
it point to.)
account required pam_ruby.so debug
password required pam_ruby.so debug
auth required pam_ruby.so debug
session required pam_ruby.so debug
I would probably turn debugging up on both sides ie saslauthd and mysql
then, step through them like:
auth required pam_ruby.so debug
account required pam_permit.so debug
password required pam_permit.so debug
session required pam_permit.so debug
or you can use pam_unix instead of pam_permit so it grabs your local
duplicate local account info.
Sean
> However, playing around a bit more with sasl2-sample-server/client I get
> different results:
> sasl2-sample-server -s system-auth -p8000
> ......
> performing SASL negotiation: user not foundclosing connection
>
>
> sasl2-sample-client -s system-auth -p 8000 -m LOGIN localhost
> receiving capability list... recv: {53}
> CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
> CRAM-MD5 ANONYMOUS NTLM LOGIN PLAIN DIGEST-MD5 GSSAPI
> send: {5}
> LOGIN
> send: {1}
> N
> recv: {9}
> Username:
> please enter an authentication id: <user>
> Password:
> send: {4}
> <user>
> recv: {9}
> Password:
> send: {9}
> <password>
> authentication failed
> closing connection
>
> -David
>
>
>
>
>
>
>
--------------------------------------
Sean O'Malley, Information Technologist
Michigan State University
-------------------------------------
More information about the Cyrus-sasl
mailing list