On Sun Mar 10, 2002 at 10:36:09AM -0800, David Guntner wrote: > > Another thing that I find strange, was his /usr/lib/sasl/smtpd.conf > > file. It contained lines which should be in /etc/pam.d/smtpd. When I > > had postfix+SMTP AUTH somewhat working, I had nothing but pwcheck_method > > in there - and this file seemed to be totally ignored, by the way. > > I have to agree with Alexander on this one, Vincent. I've just run a bunch > of tests. I used saslpasswd to create a username and password for myself, > different from my regular system password. My regular mail client on my > Windows machine appears to use CRAM-MD5 when being told to login to the > SMTP server with a username and password (when I had the wrong one in, my > syslog showed that CRAM-MD5 failed). No matter *what* I put in > /usr/lib/sasl/smtpd.conf - pwcheck, pam, shadow - if I use my system > password, authentication fails. But if I use the password that I created > with saslpasswd, it works fine, regardless of the authentication method > that I've selected. Needless to say, this is not very desirable - I want > to be able to have users authenticate based on their login password, just > like they can do with POP3. Maybe you can check with whoever to find out > why it's behaving in this fashion?
If this is the case, then it's a problem with cyrus-sasl itself, and the queries should be directed to the author. However, I'm not convinced that is the case because the pam/shadow methods worked here provided that /etc/shadow was mode 644. I don't know why one would work over the other except, perhaps, that cram-md5 and others don't work with pam... that may only be supported for plaintext password authentication. You may *have* to use sasl.db for cram/digest-md5 passwords. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.8-34.1mdk uptime: 1 day 1 hour 55 minutes.
msg50824/pgp00000.pgp
Description: PGP signature
