System: Redhat AS3
During reading postfix installation guide on the Internet , I found
that to let SASL authenciate against a mysql db, besides compiling
SASL to support mysql (direct authenicate) , another method is to let
SASL use PAM and let PAM to authenticate against a mysql db.
Using PAM is far more simply as I don't need to add MD5 patch
and reconmpile SASL. PAM-Mysql does support MD5.
I downloaded pam-mysql 0.6 tarball
I performed
./configure --with-mysql=/usr/local/mysql --with-openssl --with-sas2
during the configuration process,
checking if "/usr/local/mysql" is a mysql_config script... no
checking mysql_config availability in /usr/local/mysql/bin... yes
checking for mysql_real_query... yes
checking for mysql_real_escape_string... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for openssl_CFLAGS... -I/usr/kerberos/include
checking for openssl_LIBS... -L/usr/kerberos/lib -lssl -lcrypto
-lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz
checking pam_appl.h usability... yes
checking pam_appl.h presence... yes
checking for pam_appl.h... yes
checking pam_modules.h usability... yes
checking PAM_CONV_AGAIN availability... yes
checking PAM_INCOMPLETE availability... yes
checking if the second argument of pam_get_user() takes const pointer... yes
checking if the third argument of pam_get_data() takes const pointer... yes
checking if the third argument of pam_get_item() takes const pointer... yes
checking if the second argument of pam_conv.conv() takes const pointer... yes
checking if md5.h is derived from Cyrus SASL Version 1... yes
checking for crypt in -lcrypt... yes
checking for crypt... yes
configure: creating ./config.status
config.status: creating Makefile
does it mean it can find mysql & sasl libraries and headers ? and also
during the make process, it is linking to mysql libraries and database
Then I copied pam_mysql.so to /lib/security/
I created /etc/pam.d/smtp, add two lines is added
auth sufficient pam_mysql.so user=postfixuser
passwd=userpostfix host=localhost db=postfix
table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=postfixuser
passwd=userpostfix host=localhost db=postfix
table=mailbox usercolumn=username passwdcolumn=password crypt=1
restart sasuthd and postfix
I tried testsaslauth to test whether it can authenitcate user which stored in db
# /usr/sbin/testsaslauthd -u
adrianmak@example.net -p secret
0: NO "authentication failed"
/var/log/message showed
Aug 20 10:46:12 dmhy imap(pam_unix)[19757]: check pass; user unknown
Aug 20 10:46:12 dmhy imap(pam_unix)[19757]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=
Aug 20 10:46:14 dmhy saslauthd[19757]: do_auth : auth failure:
[user=adrianmak@example.net] [service=imap] [realm=] [mech=pam]
[reason=PAM auth error]
What's wrong with it ?