saslauthd not working?

Drew Tomlinson drew at mykitchentable.net
Wed Sep 24 15:42:42 PDT 2003


On Tue, 23 Sep 2003 17:32:33 -0700 (PDT), Charlie Schluting 
<charlie at schluting.com> wrote:

> Hi,
>
> Trying to configure sasl with postfix.. and I keep getting "Login
> Failed"

I had a hell of a tough time getting this configured on my system.  As I 
recall, once one knows about the Postfix bug (which you do based on your 
Postfix config), the default install works.

> Here's what I have:
>
> telnet localhost 25:
> AUTH PLAIN Y2hhcm...
> 535 Error: authentication failed
>
> The maillog simply shows:
> warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
>
> /etc/rc.conf:
> sasl_saslauthd_enable="YES"
> sasl_saslauthd_flags="-a getpwent"

I am using 4.8-STABLE as of 06/29/03.  I have nothing in my rc.conf 
regarding saslauthd.  I do have in /usr/local/etc/rc.d/saslauthd.sh.  By 
default, it runs "saslauthd -a pam".  This is the script that came with 
the port.  I've made no mods.

> /usr/local/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login

I also have "auto_transition: yes" in this file.  I don't know what it 
means or does.

> I'm not using pam for anything else, so I figured that this method had
> the best chance of working :)
> Postfix is NOT chrooted, and postfix is in group mail.
>
> Postfix config:
>
>  smtpd_sasl_auth_enable = yes
>  smtpd_sasl_security_options = noanonymous
>  smtpd_sasl_local_domain =

This line is the bug I mentioned.  Must be null, as you have it.

>  broken_sasl_auth_clients = yes
>
> Here's the perms on saslauthd:
> drwxrwx---   2 cyrus  mail   512 Sep 23 17:27 saslauthd/
>
> Am I missing anything?
> I tried adding -d to saslauthd_flags in rc.conf. When I started
> saslauthd, it just hung there, like I expected, only, I didn't get any
> output when I tried to login to postfix.

Everything seems similar to my setup except your rc.conf.  As I recall, 
/etc/pam.conf did not need any additions because the last section defaults 
to using getpwnam().

Good luck!  It's great when it works.

HTH,

Drew


More information about the freebsd-questions mailing list