[CentOS] saslauthd

Michael Kress

kress at hal.saar.de
Wed Aug 26 05:50:33 UTC 2009


Hello,
I'm having trouble getting saslauthd running on a centos-5.3. I can't 
authenticate via testsaslauthd. Here's what I do using a fresh /etc/sasldb2:
1) start saslauthd in debug mode: saslauthd -d  -a shadow -O /usr/lib64/sasl2/smtpd.conf -r -l
2) saslpasswd2 -c -a mail -u mail testuser
3) testsaslauthd -u testomat -p <mypassword> -s smtp -r mail
shell output of testsaslauthd:
0: NO "authentication failed"

shell output of saslauthd:
[root@x02-new ~]# saslauthd -d  -a shadow -O /usr/lib64/sasl2/smtpd.conf -r -l
saslauthd[1936] :main            : num_procs  : 5
saslauthd[1936] :main            : mech_option: /usr/lib64/sasl2/smtpd.conf
saslauthd[1936] :main            : run_path   : /var/run/saslauthd
saslauthd[1936] :main            : auth_mech  : shadow
saslauthd[1936] :detach_tty      : master pid is: 0
saslauthd[1936] :ipc_init        : listening on socket: /var/run/saslauthd/mux
saslauthd[1936] :main            : using process model
saslauthd[1936] :have_baby       : forked child: 1937
saslauthd[1936] :have_baby       : forked child: 1938
saslauthd[1936] :have_baby       : forked child: 1939
saslauthd[1936] :have_baby       : forked child: 1941
saslauthd[1937] :do_auth         : auth failure: [user=testomat@mail] [service=smtp] [realm=mail] [mech=shadow] [reason=Unknown]
saslauthd[1937] :do_request      : response: NO


output in /var/log/messages:
Aug 26 07:41:31 x02-new saslauthd[1673]: server_exit     : master exited: 0
Aug 26 07:41:33 x02-new saslauthd[1936]: detach_tty      : master pid is: 0
Aug 26 07:41:33 x02-new saslauthd[1936]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Aug 26 07:41:38 x02-new saslauthd[1937]: do_auth         : auth failure: [user=testomat@mail] [service=smtp] [realm=mail] [mech=shadow] [reason=Unknown]

output of saslfinger:
====================================================
#csaslfinger -s
saslfinger - postfix Cyrus sasl configuration Mi 26. Aug 07:43:47 CEST 2009
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.3
System: CentOS release 5.3 (Final)

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b0ffbdee000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mail
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib64/sasl2 --
insgesamt 2916
drwxr-xr-x  2 root root   4096 26. Aug 07:34 .
drwxr-xr-x 52 root root  20480 26. Aug 00:32 ..
-rwxr-xr-x  1 root root    890  7. Jan 2007  libanonymous.la
-rwxr-xr-x  1 root root  15880  7. Jan 2007  libanonymous.so
-rwxr-xr-x  1 root root  15880  7. Jan 2007  libanonymous.so.2
-rwxr-xr-x  1 root root  15880  7. Jan 2007  libanonymous.so.2.0.22
-rwxr-xr-x  1 root root    862  7. Jan 2007  liblogin.la
-rwxr-xr-x  1 root root  16480  7. Jan 2007  liblogin.so
-rwxr-xr-x  1 root root  16480  7. Jan 2007  liblogin.so.2
-rwxr-xr-x  1 root root  16480  7. Jan 2007  liblogin.so.2.0.22
-rwxr-xr-x  1 root root    862  7. Jan 2007  libplain.la
-rwxr-xr-x  1 root root  16448  7. Jan 2007  libplain.so
-rwxr-xr-x  1 root root  16448  7. Jan 2007  libplain.so.2
-rwxr-xr-x  1 root root  16448  7. Jan 2007  libplain.so.2.0.22
-rwxr-xr-x  1 root root    936  7. Jan 2007  libsasldb.la
-rwxr-xr-x  1 root root 892920  7. Jan 2007  libsasldb.so
-rwxr-xr-x  1 root root 892920  7. Jan 2007  libsasldb.so.2
-rwxr-xr-x  1 root root 892920  7. Jan 2007  libsasldb.so.2.0.22
-rw-r--r--  1 root root    167 26. Aug 07:34 smtpd.conf

-- listing of /usr/lib/sasl2 --
insgesamt 2912
drwxr-xr-x  2 root root   4096 26. Aug 07:41 .
drwxr-xr-x 30 root root  12288 26. Aug 00:33 ..
-rwxr-xr-x  1 root root    884  7. Jan 2007  libanonymous.la
-rwxr-xr-x  1 root root  14372  7. Jan 2007  libanonymous.so
-rwxr-xr-x  1 root root  14372  7. Jan 2007  libanonymous.so.2
-rwxr-xr-x  1 root root  14372  7. Jan 2007  libanonymous.so.2.0.22
-rwxr-xr-x  1 root root    856  7. Jan 2007  liblogin.la
-rwxr-xr-x  1 root root  14752  7. Jan 2007  liblogin.so
-rwxr-xr-x  1 root root  14752  7. Jan 2007  liblogin.so.2
-rwxr-xr-x  1 root root  14752  7. Jan 2007  liblogin.so.2.0.22
-rwxr-xr-x  1 root root    856  7. Jan 2007  libplain.la
-rwxr-xr-x  1 root root  14848  7. Jan 2007  libplain.so
-rwxr-xr-x  1 root root  14848  7. Jan 2007  libplain.so.2
-rwxr-xr-x  1 root root  14848  7. Jan 2007  libplain.so.2.0.22
-rwxr-xr-x  1 root root    930  7. Jan 2007  libsasldb.la
-rwxr-xr-x  1 root root 905200  7. Jan 2007  libsasldb.so
-rwxr-xr-x  1 root root 905200  7. Jan 2007  libsasldb.so.2
-rwxr-xr-x  1 root root 905200  7. Jan 2007  libsasldb.so.2.0.22

-- listing of /etc/sasl2 --
insgesamt 24
drwxr-xr-x  2 root root  4096 26. Aug 07:36 .
drwxr-xr-x 85 root root 12288 26. Aug 07:38 ..




-- content of /usr/lib64/sasl2/smtpd.conf --
auto_transition: true
pwcheck_method: auxprop
saslauthd_version: 2
auxprop_plugin: sasldb
allowanonymouslogin: 0
allowplaintext: 1
mech_list: PLAIN LOGIN
log_level: 3


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

-- mechanisms on localhost --

-- end of saslfinger output --

====================================================


content of /etc/pam.d/smtp  :
#%PAM-1.0
auth       include      system-auth
account    include      system-auth


What's working well: testsaslauthd -u root -p <myrootpassword> -s smtp
0: OK "Success."

I don't know what's going on - it seems that testsaslauthd doesn't 
look up the user 'testomat' in /etc/sasldb2.
Have you got an idea? - Thanks in advance
Regards
Michael
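
Added example, not part of the original post: a parser for the saslauthd `do_auth` failure lines quoted above that also compares the `mech=` backend recorded in each failure with the `pwcheck_method` / `auxprop_plugin` settings from the quoted smtpd.conf. testsaslauthd talks to saslauthd, so a failure logged with `mech=shadow` was checked by the shadow backend rather than against sasldb. The function names, the mismatch heuristic and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: saslauthd lines in the two shapes shown in the post
# (syslog and -d debug output), with "@" restored in the user= field.
SAMPLE_LOG = """\
Aug 26 07:41:33 x02-new saslauthd[1936]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Aug 26 07:41:38 x02-new saslauthd[1937]: do_auth         : auth failure: [user=testomat@mail] [service=smtp] [realm=mail] [mech=shadow] [reason=Unknown]
saslauthd[1937] :do_auth         : auth failure: [user=testomat@mail] [service=smtp] [realm=mail] [mech=shadow] [reason=Unknown]
saslauthd[1937] :do_request      : response: NO
"""

# Settings copied from the smtpd.conf quoted in the post.
SAMPLE_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
"""

FAILURE = re.compile(r"saslauthd\[(?P<pid>\d+)\]\s*:\s*do_auth\s*:\s*auth failure:(?P<rest>.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_failures(log_text):
    """Return one dict per do_auth failure line: pid plus its [key=value] fields."""
    out = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            out.append({"pid": int(m.group("pid")), **dict(FIELD.findall(m.group("rest")))})
    return out

def parse_sasl_conf(conf_text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    lines = (l for l in conf_text.splitlines() if ":" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split(":", 1) for l in lines)}

def store_mismatch(failures, conf):
    """Heuristic: failures whose saslauthd backend differs from the auxprop store in the config."""
    if conf.get("pwcheck_method") != "auxprop":
        return []
    plugin = conf.get("auxprop_plugin", "")
    return sorted({(f["user"], f["mech"], plugin) for f in failures if f.get("mech") != plugin})

def failures_per_user(failures):
    """Count failures per (user, service), the grouping an alert or lockout rule would use."""
    return Counter((f["user"], f["service"]) for f in failures)

if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    print(failures_per_user(fails))
    for user, mech, plugin in store_mismatch(fails, parse_sasl_conf(SAMPLE_CONF)):
        print(f"{user}: checked by saslauthd backend '{mech}', but smtpd.conf uses auxprop '{plugin}'")
```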