Juan Miscaro wrote:
Hi everybody,
I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
in a SQL backend for a while now. I am trying to switch over from
cleartext to crypt in terms of my passwords stored in MySQL. I have
things running for IMAP with crypt. For SMTP-AUTH I am using the same
SQL table and password. I thought all I would need to do is edit my
smtpd.conf file (point to the encrypted table column and specify crypt
as password format) but I'm getting
postfix/smtpd[6085]: warning: SASL authentication failure: Password
verification failed
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
authentication failed: authentication failure
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
authentication failed: authentication failure
I'm using libsasl2 in Debian Etch (not sure if this is Cyrus or not,
none of the included documents specify) but either ways, I use sasl with
pam and pam with mysql.
~# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
# cat /etc/pam.d/smtp
auth required pam_mysql.so user=postfix passwd=YOURPASS host=127.0.0.1
db=postfix table=mailbox usercolumn=username passwdcolumn=password
crypt=1 md5=1
account sufficient pam_mysql.so user=postfix passwd=YOURPASS
host=127.0.0.1 db=postfix table=mailbox usercolumn=username
passwdcolumn=password crypt=1 md5=1
One other gotcha is that if you're running Postfix in a chroot, you have
to make sasl put it's socket in the Postfix chroot, otherwise it won't work.
From /etc/defaults/saslauthd:
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
Hope this helps!
--kj
