Viktor,
Sorry about the previous mail. The logs which I sent were incorrect.
Actually, there are no log messages just the following one in
/var/log/mail.log:
Nov 7 11:44:54 client2 postfix/smtpd[13159]: warning: SASL authentication
failure: Password verification failed
But, as I told you before, I can successfully test the authentication
process using sasltestuser.
Kind Regards
Ali Majdzadeh Kohbanani
2009/11/7 Ali Majdzadeh <ali.majdza...@gmail.com>
> Viktor,
> Hi
> I hope that you are still following this thread. After a couple of testing,
> I saw the following error in auth.log:
>
> Nov 7 11:14:51 client2 saslauthd[2882]: DEBUG: auth_pam: pam_authenticate
> failed: Permission denied
> Nov 7 11:14:51 client2 saslauthd[2882]: do_auth : auth failure:
> [user=rana] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
>
> Do you have any ideas about these?
>
> Kind Regards
> Ali Majdzadeh Kohbanani
>
> 2009/11/2 Ali Majdzadeh <ali.majdza...@gmail.com>
>
> Victor,
>> Hello
>> Thanks a lot for your help. I am going to test your solutions. Thanks
>> again.
>>
>> Warm Regards
>> Ali Majdzadeh Kohbanani
>>
>> 2009/11/2 Victor Duchovni <victor.ducho...@morganstanley.com>
>>
>> On Sun, Nov 01, 2009 at 04:30:21PM +0330, Ali Majdzadeh wrote:
>>>
>>> > I have configured saslauthd to use pam for password verification and I
>>> want
>>> > to use pam_krb5 as the authentication back-end. I have set the
>>> following
>>> > options in /etc/postfix/sasl/smtpd.conf:
>>> >
>>> > log_level: 3
>>> > pwcheck_method: saslauthd
>>> > mech_list: plain login
>>> >
>>> > Also, I have entered the following lines in /etc/pam.d/smtp
>>> >
>>> > auth sufficient /lib/security/pam_krb5.so
>>> minimum_uid=1000
>>> > session required /lib/security/pam_krb5.so
>>> minimum_uid=1000
>>> > account required /lib/security/pam_krb5.so
>>> minimum_uid=1000
>>> > password sufficient /lib/security/pam_krb5.so
>>> minimum_uid=1000
>>> >
>>> > When I use testsaslauthd as "testsaslauthd -u user -p pass -s smtp -f
>>> > /var/run/saslauthd/mux", it can successfully authenticate the user
>>> which has
>>> > a corresponding principal in my kerberos configuration. But, when I
>>> want to
>>> > use telnet to actually test the smtp server, the authentication fails.
>>>
>>> > By
>>> > the way, what should be provided to the server when the desired
>>> > authentication mechanism is plain? (Is that something like: perl
>>> > -MMIME::Base64 -e 'print encode_base64("user\0pass")')?
>>>
>>> No. You need a leading "\0" for an empty authzid.
>>>
>>> "\0user\0pass"
>>>
>>> --
>>> Viktor.
>>>
>>> Disclaimer: off-list followups get on-list replies or get ignored.
>>> Please do not ignore the "Reply-To" header.
>>>
>>> To unsubscribe from the postfix-users list, visit
>>> http://www.postfix.org/lists.html or click the link below:
>>> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>>>
>>> If my response solves your problem, the best way to thank me is to not
>>> send an "it worked, thanks" follow-up. If you must respond, please put
>>> "It worked, thanks" in the "Subject" so I can delete these quickly.
>>>
>>
>>
>
