* LuKreme <krem...@kreme.com>:
> On 17-Mar-2009, at 11:47, Andreas Winkelmann wrote:
>>> On 17-Mar-2009, at 03:49, LuKreme wrote:
>>
>>>> I've made sure that /var/run/saslauthd/ is owned by root:postfix (it
>>>> was root:mail) and have removed the authdaemon_path line and am
>>>> trying again. Hopefully this was it.
>>>
>>> That wasn't it, and the ownership by root:mail shouldn't matter as
>>> the postfix user is part of the mail group. I think I've read
>>> everything twice, and am stumped.
>>>
>>> Should I just start over and install dovecot (cyrus was the only
>>> option way back in the day)?
>>
>> Did you check Patrick's hint about the stored Passwords in your
>> SQL-Server?
>> Cyrus-SASL auxprop is bound to cleartext Passwords. If you have
>> crypted Passwords, you have to patch Cyrus-SASL.
>
> Ah... I must have missed that.  <looks back>
>
> Oh, well, that must be it then.  passwords from postfixadmin are stored 
> in md5crypt.
>
> (they look like $1$a28cb10c$wzblsb81Kv.F7vnMtqlEf.)
>
> So, more on this patching of Cyrus-SASL?

Don't use the patch. It's old and it braindamages Cyrus SASL. You can use
crypted passwords with Cyrus SASL, if you set it up this way:

Postfix -> libsasl -> saslauthd (PAM) -> PAM mysql -> Mysql DB

That gives you plaintext mechanisms only on client to server communication,
but that's okay as long as you require clients to establish a TLS session
before they may authenticate. Set this to allow plaintext mechs during TLS
only:

smtpd_sasl_security_options = noplaintext, noanonymous
smtpd_sasl_tls_security_options = noanonymous

As for the PAM part in the sasl authentication, start saslauthd like this:

saslauthd -a pam -m /path/to/the/socket

In /etc/pam.d/smtp configure the PAM Mysql part (I haven't done so yet, so I
can't be of any help).

p...@rick

-- 
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
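
A check for the two smtpd_sasl_*security_options settings in the message above, as an added example that is not part of the original thread: it reads main.cf-style text and reports when plaintext mechanisms would be offered outside TLS, or blocked inside TLS (where saslauthd needs them). The function names and sample configs are constructed here; smtpd_tls_auth_only is a real Postfix parameter that the thread does not mention, and the defaults table reflects Postfix's documented defaults.

```python
# Postfix built-in defaults for the parameters this check reads (not from the thread).
DEFAULTS = {
    "smtpd_sasl_security_options": "noanonymous",
    "smtpd_sasl_tls_security_options": "$smtpd_sasl_security_options",
    "smtpd_tls_auth_only": "no",
}

def parse_main_cf(text):
    """Parse main.cf / `postconf -n` text into {name: value}, joining continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:          # leading whitespace continues the previous line
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def options(params, name):
    """Return the option set for `name`, resolving the one $reference this check needs."""
    value = params.get(name, DEFAULTS[name])
    if value.strip() == "$smtpd_sasl_security_options":
        value = params.get("smtpd_sasl_security_options", DEFAULTS["smtpd_sasl_security_options"])
    return set(value.lower().replace(",", " ").split())

def audit(text):
    """Return a list of findings; empty means plaintext AUTH is offered under TLS only."""
    p = parse_main_cf(text)
    clear, tls = options(p, "smtpd_sasl_security_options"), options(p, "smtpd_sasl_tls_security_options")
    tls_only = p.get("smtpd_tls_auth_only", DEFAULTS["smtpd_tls_auth_only"]).lower() == "yes"
    findings = []
    if "noplaintext" not in clear and not tls_only:
        findings.append("plaintext mechanisms offered without TLS")
    if "noplaintext" in tls:
        findings.append("plaintext mechanisms blocked under TLS; saslauthd cannot authenticate")
    if "noanonymous" not in clear or "noanonymous" not in tls:
        findings.append("anonymous mechanism not excluded")
    return findings

# Constructed samples: the two settings from the message, and a main.cf that omits them.
GOOD = "smtpd_sasl_security_options = noplaintext, noanonymous\nsmtpd_sasl_tls_security_options = noanonymous\n"
WEAK = "smtpd_sasl_auth_enable = yes\n"

if __name__ == "__main__":
    print({"good": audit(GOOD), "weak": audit(WEAK)})
```

Feed it the output of `postconf -n` to audit a live configuration.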
