On Wed, Sep 30, 2009 at 11:39:12PM +0200, Patrick Ben Koetter wrote:
> * Jay G. Scott <g...@arlut.utexas.edu>:
> > okay, maybe i'm catching on.
> > 
> > i set up the /etc/sasldb2 method of authentication.
> > that's doing ....  so far .... what i want.
> > 
> > 1.  okay, i guess /etc/postfix/sasl_passwd is only for client
> > security?  but why does the client need security?  my 
> > /etc/postfix/sasl_passwd
> 
> Clients need to identify themselves too if a remote server requires that.
> 
> > file (and assoc .db) were nonsensical, yet i got authenticated,
> > encrypted email delivered to that machine, and read it w/ mutt.
> > what does /etc/postfix/sasl_passwd really do?
> 
> /etc/postfix/sasl_passwd provides a mapping from servers the Postfix smtp
> client connects to and the username:passwords it should use when it
> authenticates with the remote SMTP server.
> 
> 
> > am i not really using it?  should i remove those references in main.cf?
> 
> If your Postfix smtp client does not need to authenticate, yes.
> 
> 
> >     i guess /etc/sasldb2 is doing what i wanted.  namely, i wanted
> > to make a list of all the users (and passwords) that i liked,
> > and let the mail server play nice with them, and not let
> > anyone else play.
> 
> yep.
> 
> 
> > 2.  did i just open holes in my security?  is this a pretty reasonable
> > way to do what i want?
> 
> Hard to tell without knowing the current config settings. Send an updated
> version of "postconf -n".

that was sent in my email prior, dated 30 sep, 417 lines.
also the saslfinger stuff is in there.  ah, whoops.  the smtpd.conf
changed, of course.  here it is now:

#       per koetter book.
log_level: 3
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#       auxiliary plugin parameters
auxprop_plugin: sasldb
#-------------------


and thank you, by the way.

> 
> 
> > 3.  do i have extraneous stuff in my main.cf file now?
> > what do i need to delete?
> 
> postconf -n ...
> 
> 
> > 4.  i said "method of authentication" but that's sloppy, right,
> > i'm using auxprop(?) as the password-verification service?
> 
> Nope. auxprop and password-verification service are two pairs of shoes (as we
> say in Germany...).
> 
> 
> > or saslauthd with an auxprop plugin?  i know i'm using saslauthd,
> > i just want to know what the right term is, should i ever
> > need to tell someone what i'm doing.
> 
> libsasl uses either an internal method or an external password authentication
> service. If it uses the internal method the (auxprop) plugin reads passwords
> from an authentication backend and compares that plaintext string to the
> password submitted from the mail client. With an external password
> authentication service it just asks the service: Is this password for this
> username valid and the password authentication service responds either "yes"
> or "no".
> 
> HTH,

it does, thanks.

j.

> 
> p...@rick
> 
> -- 
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitly required and
> justified.
> 
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

-- 
Jay Scott               512-835-3553            g...@arlut.utexas.edu
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin
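
Added example (not part of either message in this thread): a small Python check over the smtpd.conf quoted above, showing how the choice between the internal auxprop method and an external password verification service constrains mech_list. The function names and the tls_auth_only argument, which stands in for Postfix's smtpd_tls_auth_only setting, are this example's own.

```python
# Added example: lint a Cyrus SASL smtpd.conf for mechanism/backend mismatches.
# SAMPLE is the smtpd.conf quoted in the message above.
SAMPLE = """\
#       per koetter book.
log_level: 3
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#       auxiliary plugin parameters
auxprop_plugin: sasldb
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}              # password crosses the wire, only base64-encoded
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}  # server must be able to read the stored secret


def parse_sasl_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def lint(conf, tls_auth_only=False):
    """Return findings for an explicit mech_list; tls_auth_only mirrors smtpd_tls_auth_only."""
    findings = []
    method = conf.get("pwcheck_method", "auxprop")
    mechs = set(conf.get("mech_list", "").upper().split())
    if method == "saslauthd" and mechs & SHARED_SECRET_MECHS:
        findings.append("saslauthd only answers yes/no for a plaintext password; drop "
                        + ", ".join(sorted(mechs & SHARED_SECRET_MECHS)))
    if mechs & PLAINTEXT_MECHS and not tls_auth_only:
        findings.append("plaintext mechanisms offered without smtpd_tls_auth_only=yes: "
                        + ", ".join(sorted(mechs & PLAINTEXT_MECHS)))
    if method == "auxprop" and conf.get("auxprop_plugin") == "sasldb":
        findings.append("sasldb stores passwords in cleartext; restrict /etc/sasldb2 permissions")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_sasl_conf(SAMPLE)):
        print("-", finding)
```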
