On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote:
> I have configured saslauthd to use pam for password verification and I want
> to use pam_krb5 as the authentication back-end. I have set the following
> options in /etc/postfix/sasl/smtpd.conf:
>
> log_level: 3
> pwcheck_method: saslauthd
> mech_list: plain login
>
> Also, I have entered the following lines in /etc/pam.d/smtp
>
> auth sufficient /lib/security/pam_krb5.so minimum_uid=1000
> session required /lib/security/pam_krb5.so minimum_uid=1000
> account required /lib/security/pam_krb5.so minimum_uid=1000
> password sufficient /lib/security/pam_krb5.so minimum_uid=1000
>
> When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f
> /var/run/saslauthd/mux", it can successfully authenticate the user which has
> a corresponding principal in my kerberos configuration. But, when I want to
> use telnet to actually test the smtp server, the authentication fails.
> By
> the way, what should be provided to the server when the desired
> authentication mechanism is plain? (Is that something like: perl
> -MMIME::Base64 -e 'print encode_base64("user\0pass")')?
No. You need a leading "\0" for an empty authzid.
"\0user\0pass"
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
