Postfix and saslauthd
ken at oceana.com
Tue Apr 29 12:11:25 EDT 2003
> David Hearn wrote:
> I've now got Postfix using SASL2 (via saslauthd) to some extent.
> My client is Outlook Express 6 in XP Pro and here is my situation:
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions = permis_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain =
> broken_sasl_auth_clients = yes
> Note that I have the smtpd_sasl_local_domain set to blank.
> When I try sending an email through the server, smtpd trys to use
> sasldb2 and NTLM authentication first (SPA is turned off in my
> client). OE displays a "username, password and domain" box asking for
> these details. If I put anything in and click okay - it comes back
> and asks it again. I've tried various combinations of username
> without domain, with domain, etc. If I click cancel, then it then
> tries LOGIN and it works. However - (BIG HOWEVER) - it ONLY works if
> I have smtpd_sasl_local_domain set to blank. If I have it set to the
> real domain, then it tries to authenticate
> username.domain.com at domain.com - which fails.
> saslauthd is set up to use PAM, and the imap pam.d file is the same as
> the one used for smtp. I have got OE set up to not use SPA (which I
> understand is NTLM), and its meant to use "same settings as incoming
> mail server".
> Am I doing something wrong here? Why do I have to set
> smtpd_sasl_local_domain to empty? Is this right?
> Is there any way that I can stop it trying to use NTLM authentication
> (anything I can turn off in postfix or something) as I don't want it
> attempting to use that (as it doesn't appear to work).
Either remove the NTLM plugin (eg, /usr/lib/sasl2/libntlm.*) or limit
the list of advertised mechanisms by using the mech_list in your Postfix
SASL config file. See doc/options.html in the SASL distro.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus