Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] Postfix/SASL/RH 8.0



Greetings...
I'm de-lurking (from a new domain) once more with a problem.  (I'd offer
my comments on current topics, but I'm afraid I feel, well, not
sufficiently wise. =)

Synopsis: RH 8.0, Postfix, and trying to get SASL to work for
authentication for relaying.  I've no joy for the wonderful message "no
SASL authentication mechanisms".  Might someone have a clue they can
lend to me?

Details:
Of course, I performed the requisite searches of Google (redhat sasl
authentication etc.), and found 1 exact match for the string above, on a
Japanese web page (alas, my time is spent at the computer, not learning
Japanese), and I didn't see any hints of a solution there.  I searched
through several other pages, slowly building my knowledge of the
situation...

1) Vanilla RedHat 8.0 system.  I decided to try Postfix, since I've had
enough of the joys of "sendmail.cf" (and .m4).  I've read through the
docs available, as well as the web site (the relevant bits).
2) Installed RPMs (yeah, I know -- but I got tired of playing with
Gentoo, because I've got a room full of Linuxen at work) for postfix and
cyrus-sasl.  No brainer.
3) Played with "main.cf" config file.  Added the following:
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unath_destination
smtpd_sasl_security_options = noplaintext noanonymous
(this based on information in the "*RedHat*.txt" file found in 
/usr/share/doc/postfix-1.1.11)
4) Started getting above message - no SASL authentication mechanisms.
5) Read up - realized I needed to configure and check a few things:
/usr/lib/sasl/smtpd.conf: has pwcheck_method: saslauthd
/usr/lib/sasl2/smtpd.conf: has pwcheck_method: saslauthd
6) Changed the invocation method of saslauthd in 
/etc/rc.d/init.d/saslauthd to "pam" .
7) Not knowing what "service" saslauthd and/or smtpd would require for 
PAM authentication, created PAM configuration files for both (nominal 
auth/account/password checks based on system-auth).
8) After the above steps, more reading, lots of testing, lots of 
irritation, realized that, since PLAIN would be the mapping for the PAM 
service (my guess, bases on the Cyrus man page info), I should remove 
the "noplaintext" option from smtpd_sasl_security_options.

So, right now, I can SMTP into the machine, but cannot AUTH PLAIN per 
the SASL readme for Postfix -- and now, instead of "no SASL 
authentication mechanisms", it simply says "SASL PLAIN authentication 
failed".  Of note, also, is the fact that it _only_ lists PLAIN and 
LOGIN as authentication mechanisms when I send the EHLO command via SMTP 
-- and not CRAM, etc., as shown in the "sample".

At this point, I believe it's got to be something between Postfix and 
SASL, but I'm unsure what.  Any info that might point me in the right 
direction would be greatly appreciated.

Larry Stanbery
stanbery@example.com


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links