saslauth configuration question - ANSWERED

Charles Bradshaw brad at gx110.bradcan.homelinux.com
Tue Jan 15 06:15:54 EST 2013


Thanks I see the light,

OK, I'm definitely using sasldb and saslauthd because it is the only source of
user and password (no user account on the server).

When there is a failure, this /var/log/maillog message or something like it appears:

AUTH failure (DIGEST-MD5): user not found (-20) SASL(-13): user not found: no
secret in database

A google of the above is often answered with something like "which database?
Ah... that's the question"

Charles Bradshaw says: "Look in your syslog for further clues" you should see:
 
sendmail[7018]:
 unable to open Berkeley db /etc/sasldb2: No such file or directory <<<<< THIS
SHOULD BE IN maillog as well please.
sendmail[7018]:
 no secret in database <<<<< This is duplicate in maillog

or

Just the latter which means the user and/or realm and password details are not
in sasldb2. Why is sasldb2 being accessed? read on...

> On 14 Jan 2013 14:07:33 -0600, Dan White wrote:
>
> What saslauthd backend are you using?

Clearly I DON'T KNOW that's why I ask the question!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ANSWER <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

On 15 Jan 2013 06:52:49 +0100, Patrick Ben Koetter wrote:

> There's a fallback mechanism in Cyrus SASL that makes it always (!) call
> sasldb, if a) no authentication backend was specified and/or b) a mechanism
> was asked which cannot be handled by the backends specified.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Charles Bradshaw says: Answering questions with questions and/or re-iterating
quotes from other (potentially misleading) sources is just noise and serves
only to increase my depth of confusion.

I hope this helps others, thanks Charles Bradshaw

> On 01/14/13 19:39 +0000, Charles Bradshaw wrote:
> >I am considering switching my smtpd from sendmail to postfix, but I am a
> >little confused.
> >
> >The following snip from http://www.postfix.org/SASL_README.html
> >
> >"
> >/etc/sasl2/smtpd.conf:
> >    pwcheck_method: saslauthd
> >    mech_list: PLAIN LOGIN
> >
> >Do not specify any other mechanisms in mech_list than PLAIN or LOGIN when
> >using saslauthd! It can only handle these two mechanisms, and authentication
> >will fail if clients are allowed to choose other mechanisms.
> >"
> >
> >Appears to be wrong! I have the sasl2 configuration:
> >
> >/etc/sasl2/Sendmail.conf:
> >    pwcheck_method: saslauthd
> >    mech_list: DIGEST-MD5 PLAIN
> >
> >>> DEFINITELY WORKING <<
> >
> >Admittedly, I am using sendmail and not postfix so perhaps I have a
> >misconfiguration somewhere. The server in question is using /etc/salsdb with some
> >test users NOT having accounts on the server and the debug dialogs clearly
> >show that DIGEST-MD5 is being used.
> >
> >The above quote, cut and paste from the readme, contains a clear enough
> >statement, except for the grammar, ie the word "other" missing between the
> >words "mech_list" and "than". But:
> >
> >I'm confused because I have a solid, tested, working example which contradicts
> >the postfix readme.
> >
> >Is the operation of Sendmail.conf somehow different to smtpd.conf?
> >
> >Further on the readme does say:
> >
> >/etc/sasl2/smtpd.conf:
> >    pwcheck_method: auxprop
> >    auxprop_plugin: sasldb
> >    mech_list: CRAM-MD5 PLAIN
> >
> >Which also works.
> >
> >Is there a rational explanation or do I just put it down to a ghost in the
> >machine?
> 
------- End of Original Message -------
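
The fallback described in the answer above can be checked against a config before deployment. The following is an added example, not part of the original thread or of Cyrus SASL: it maps each mechanism in `mech_list` to the store that will verify it, using the three configurations quoted in the message. The function names are hypothetical, and the default of `sasldb` when no `auxprop_plugin` is set is an assumption taken from the thread's description of the fallback.

```python
# Added example (not from the thread): which store verifies each mechanism
# listed in a Cyrus SASL application config such as /etc/sasl2/Sendmail.conf.

# saslauthd is handed a cleartext password, so it can only serve these two
# (the SASL_README passage quoted in the thread says the same).
SASLAUTHD_MECHS = {"PLAIN", "LOGIN"}

def parse_sasl_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        opts[key.strip().lower()] = value.strip()
    return opts

def verification_paths(text):
    """Map each mechanism in mech_list to the backend that checks it."""
    opts = parse_sasl_conf(text)
    # Assumption: with nothing configured, the library ends up at sasldb,
    # as the answer in the thread describes.
    pwcheck = opts.get("pwcheck_method", "auxprop").lower().split()
    auxprop = opts.get("auxprop_plugin", "sasldb")
    paths = {}
    for mech in opts.get("mech_list", "").upper().split():
        if "saslauthd" in pwcheck and mech in SASLAUTHD_MECHS:
            paths[mech] = "saslauthd"
        else:
            # Shared-secret mechanism, or no saslauthd: falls through to auxprop.
            paths[mech] = "auxprop:" + auxprop
    return paths

def bypasses_saslauthd(text):
    """Mechanisms that are offered but never reach the configured saslauthd."""
    opts = parse_sasl_conf(text)
    if "saslauthd" not in opts.get("pwcheck_method", "").lower().split():
        return []
    return sorted(m for m, p in verification_paths(text).items() if p != "saslauthd")

# The configurations quoted in the thread.
SENDMAIL_CONF = "pwcheck_method: saslauthd\nmech_list: DIGEST-MD5 PLAIN\n"
README_CONF = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"
AUXPROP_CONF = "pwcheck_method: auxprop\nauxprop_plugin: sasldb\nmech_list: CRAM-MD5 PLAIN\n"

if __name__ == "__main__":
    for name, conf in [("Sendmail.conf", SENDMAIL_CONF), ("smtpd.conf", README_CONF)]:
        print(name, verification_paths(conf), "bypass:", bypasses_saslauthd(conf))
```

A non-empty result from `bypasses_saslauthd` means those mechanisms authenticate against sasldb regardless of what saslauthd is backed by, which is why the "no secret in database" error appears for users who exist only in the saslauthd backend.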

