Thanks Luca and Martin, There's a few things to answer so I went up the thread a bit and will try to do both.
On Sun, 2003-06-01 at 22:31, Jack Coates wrote: > On Sun, 2003-06-01 at 19:48, Jack Coates wrote: > > On Sun, 2003-06-01 at 10:17, Luca Olivetti wrote: > > > En/na Jack Coates ha escrit: > > > > hey, > > > > > > > > just upgraded my server from 9.0 to 9.1, went fairly smoothly but my > > > > Postfix SASL setup is now busted. Since I need SMTP AUTH to work, this > > > > is a problem :-) > > > > > > If you're using the sasldb, sasl v1 (i.e libsasl7) packages are broken > > > in 9.1, since they're compiled with gdbm as the backend instead of > > > berkeley db. The problem originates from the fact that they combined in > > > the same srpm both sasl v1 and sasl v2. Since sasl v1 isn't developed > > > anymore it doesn't support the latest version of berkeley db, while sasl > > > v2 does. In the combined package you can buildrequire libdb3.3-devel or > > > libdb4.0-devel but not both, so the old library version is linked with > > > gdbm instead. I have experimental packages with separate srpm for sasl > > > v1 and sasl v2 (each linked with the "correct" database library) but the > > > maintaner didn't accept them because he says they don't compile in cooker. > > > I suppose you can grab the current srpm, replace the "Buildrequires: > > > libdb4.0-devel" with "Buildrequires: libdb3.3-devel" and tweak configure > > > options for sasl v1 (remove the --with-gdbm or something similar). > > > > > > Bye > > ... > > More info -- read enough and used testsaslauthd enough to decide sasl is > basically working... I've now found an actual live and relevant error > message! When I try to send an authenticated message, Postfix complains > that whatever pwcheck method I specified in /usr/lib/sasl/smtpd.conf is > unrecognized: > > Jun 1 22:12:57 felix postfix/smtpd[5896]: warning: SASL authentication > problem: unrecognized plaintext verifier saslauthd > Jun 1 22:17:09 felix postfix/smtpd[5958]: warning: SASL authentication > problem: unrecognized plaintext verifier pwcheck > > One exception, pwcheck_method of pam gets no error message at all -- no > mail, either, even if I... [insert filthy unprintables here] > Luca noted, " But it won't do you any good if all your secrets are in sasldb. What happens if you remove completely /usr/lib/sasl/smtpd.conf? (sasldb should be the default then)." When I remove it, SASLDB keeps working. So, does this mean that the PAM setting never worked at all, and choosing a method which was somehow valid but not enabled caused the fallthrough to sasldb? I'm just very puzzled by it not working when I specify sasldb. and Luca also noted: "This is wrong: the sasldb for v1 and v2 have a different layout, so they should be two separate and distinct files. This has nothing to do with your problem though." Sorry,I caught that and did the conversion, so the v2 sasldb now lives in /var/lib/sasl2/sasl.db Martin asked, "What about to use sasldb as authentication method?" One of the things I've done while looking on the web is to note that sasl's default sasldb location is /etc/sasldb, not /var/lib/sasl/sasl.db. So, I put in a symlink to the v1 version. > > It just started working when I switched to pwcheck_method: pam. > > By just started working, I mean > 250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > 250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > And Martin notes "This has nothing to do with the authentication mehtod (besides that only sasldb is able to handle *-MD5 passwords). This two lines only says thas smtpd is able to use those password encryption systems (or plain)." Understood now -- so the presence of the *-MD5 options means that Postfix can now communicate with sasldb whereas it couldn't before. So, this could be caused by either the symlink of the v1 db into /etc, or the symlink of /var/lib/sasl2/ to /var/state/saslauthd (another change suggested by Googling). > now you're probably wondering what these two things have to do with one > another... I know I am. I should also clarify that I turned off chrooting in /etc/postfix/main.cf many moons ago. Urgency is decreased now, but I'm certainly intrigued by the PAM integration option and I will try to get that working. thanks again, -- Jack Coates Monkeynoodle: A Scientific Venture... http://www.monkeynoodle.org/resume.html
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
