Hi,

I am stumped. I cannot get 'auth login' to work. Here are the details of my setup. I have a working postfix server that accepts incoming emails for my smpt-test-user account when not using authentication.

Now I am trying to add smtp authentication using 'auth login' via the saslauthd.

So I launch the 'saslauthd -a shadow'.
Run 'testsaslauthd -u smtp-test-user -p password'. Get this response:
0: OK "Success."

My UNIX-domain socket is here:
/var/run/sasl2/mux

My /etc/sasl2/smtpd.config
=======
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/run/sasl2/mux
=======

SASL related settings in main.cf
=======
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
=======

then from my client I
=====================
>telnet suse102.corp.company.com 25
220 suse102.corp.company.com ESMTP Postfix
ehlo localhost
250-suse102.corp.company.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN
250-AUTH=LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c210cC10ZXN0LXVzZXIy
334 UGFzc3dvcmQ6
HnVppNzc=
535 5.7.0 Error: authentication failed: generic failure
=======================

The relevant postfix log
========================
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: auth login
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_first: sasl_method login
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Mar 31 21:03:48 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 334 VXNlcm5hbWU6
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: c210cC10ZXN0LXVzZXIy
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_next: decoded response: smtp-test-user
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Mar 31 21:04:23 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 334 UGFzc3dvcmQ6
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: < unknown[426.333.56.97]: HnVppNzc=
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: xsasl_cyrus_server_next: decoded response: password
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: warning: unknown[426.333.56.97]: SASL login authentication failed: generic failure
Mar 31 21:04:30 suse102 postfix/smtpd[5031]: > unknown[426.333.56.97]: 535 5.7.0 Error: authentication failed: generic failure
========================

It looks like the postfix server is not finding the UNIX-domain socket file. But why? and how do I point it to the correct place?

I would really appreciate any help on this.

Thanks in advance.

Postfix only supports SASL through Dovecot and Cyrus but it looks like you are using Cyrus. Additionally, it looks like the Cyrus sasl auth is at least partially functional, which suggests that the problem may be related to communication with postfix.

What is interesting is that it is saying things like unkown user: VXNlcm5hbWU6. Is this a base64 encoding? How does this compare in a log file to a plain login? I think the next error messages indicate that the plain and login methods failed and it is then going on to password login which may not be supported.

I must appologize for not having any better suggestions for you. In case you haven't seen it, the postfix documentation seems to be pretty comprehensive in this regard: http://www.postfix.org/SASL_README.h...er_sasl_enable. Specifically look for the section titled: Testing SASL authentication in the Postfix SMTP Server

Also, note that this is still a plain text login, even though it is hashed. You should consider running this over TLS, in which case a plain login may be sufficient.