postfix 'auth login' using saslauthd set up doesn't work.
Hi,
I am stumped. I cannot get 'auth login' to work. Here are the details of my setup.

I have a working postfix server that accepts incoming emails for my smtp-test-user account when not using authentication. Now I am trying to add smtp authentication using 'auth login' via the saslauthd.

So I launch the 'saslauthd -a shadow'.
Run 'testsaslauthd -u smtp-test-user -p password'.
Get this response:
0: OK "Success."

My UNIX-domain socket is here: /var/run/sasl2/mux

My /etc/sasl2/smtpd.config
=======
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/run/sasl2/mux
=======

SASL related settings in main.cf
=======
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
=======

then from my client I
=====================
>telnet suse102.corp.company.com 25
220 suse102.corp.company.com ESMTP Postfix
ehlo localhost
250-suse102.corp.company.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN
250-AUTH=LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c210cC10ZXN0LXVzZXIy
334 UGFzc3dvcmQ6
HnVppNzc=
535 5.7.0 Error: authentication failed: generic failure
=======================

The relevant postfix log
========================
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: auth login
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_first: sasl_method login
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 334 VXNlcm5hbWU6
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: c210cC10ZXN0LXVzZXIy
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_next: decoded response: smtp-test-user
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 334 UGFzc3dvcmQ6
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: HnVppNzc=
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_next: decoded response: password
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: warning: unknown[426.333.56.97]: SASL login authentication failed: generic failure
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 535 5.7.0 Error: authentication failed: generic failure
========================

It looks like the postfix server is not finding the UNIX-domain socket file. But why? And how do I point it to the correct place?

I would really appreciate any help on this.
Thanks in advance.
Postfix only supports SASL through Dovecot and Cyrus but it looks like you are using Cyrus. Additionally, it looks like the Cyrus sasl auth is at least partially functional, which suggests that the problem may be related to communication with postfix.
What is interesting is that it is saying things like unknown user: VXNlcm5hbWU6. Is this a base64 encoding? How does this compare in a log file to a plain login? I think the next error messages indicate that the plain and login methods failed and it is then going on to password login which may not be supported.

I must apologize for not having any better suggestions for you. In case you haven't seen it, the postfix documentation seems to be pretty comprehensive in this regard: http://www.postfix.org/SASL_README.h...er_sasl_enable. Specifically look for the section titled: Testing SASL authentication in the Postfix SMTP Server.

Also, note that this is still a plain text login, even though it is hashed. You should consider running this over TLS, in which case a plain login may be sufficient.
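
An added example, not written by either poster: the 334 lines and the client replies in the AUTH LOGIN session above are base64, a reversible encoding, so the exchange can be read directly, which is why the session needs TLS. This Python sketch pairs each challenge with its reply using the values copied from the first post and tolerates a reply that does not decode; the function names are made up for this example.

```python
import base64

# Client-side view of the session, copied from the first post in this thread.
SESSION = """\
auth login
334 VXNlcm5hbWU6
c210cC10ZXN0LXVzZXIy
334 UGFzc3dvcmQ6
HnVppNzc=
535 5.7.0 Error: authentication failed: generic failure
"""

def b64_text(token):
    """Return the decoded text, or None if token is not base64-encoded UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def decode_auth_login(session):
    """Pair each 334 challenge with the client line that answers it.

    Returns (steps, final_reply): steps is a list of
    (challenge_text, response_text) tuples; final_reply is the first
    non-334 server reply after AUTH LOGIN, or None if there is none.
    """
    steps, final_reply, pending, started = [], None, None, False
    for line in (raw.strip() for raw in session.splitlines()):
        if not line:
            continue
        if not started:
            started = line.lower().startswith("auth login")
            continue
        if line.startswith("334 "):
            pending = [b64_text(line[4:])]   # list, so an undecodable challenge still pairs
        elif pending:
            steps.append((pending[0], b64_text(line)))
            pending = None
        elif line[:3].isdigit():
            final_reply = line               # e.g. 235 on success, 535 on failure
            break
    return steps, final_reply

if __name__ == "__main__":
    steps, reply = decode_auth_login(SESSION)
    for challenge, response in steps:
        print(f"{challenge!r:12} -> {response!r}")
    print("server:", reply)
```

A reply shown as None means the line as posted is not valid base64 text, which is common when a value was edited before posting.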