Re: sasl > 2.1.15 and user@domain logins

permalink · #1 (**permalink**) 02-22-2004

On Sun, Feb 22, 2004 at 01:07:39PM +0100, Andreas Winkelmann wrote:

Hi ya,

<..problem descr..>

> Not a problem, a new Feature of Cyrus-SASL.
>
> Maybe this Patch will help you:
>
> http://asg.web.cmu.edu/archive/messa...patch&msg=4669

Thank you :) Stupid feature IMHO, since it's not controllable via
config.

--
WideXS http://www.widexs.nl
Wouter de Jong System-Administrator
Tel +31 (0)23 5698070 Fax +31 (0)23 5698099
Bijlmermeerstraat 62, 2131 HG HOOFDDORP, NL

permalink · #2 (**permalink**) 02-26-2004

wouter@widexs.nl (Wouter de Jong) wrote in message news:<c1a722$2v73$1@FreeBSD.csie.NCTU.edu.tw>...

Hello,

> <..problem descr..>
>
> > Not a problem, a new Feature of Cyrus-SASL.
> >
> > Maybe this Patch will help you:
> >
> > http://asg.web.cmu.edu/archive/messa...patch&msg=4669
>
> Thank you :) Stupid feature IMHO, since it's not controllable via
> config.

sorry, but probably my problem with sasl authentification in postfix
is related to yours. But i´m using sasl 2.1.15 and postfix 2.0.14
(which are the original versions from SuSE 9.0). When a client tries
to authenticate with postfix the following happened:

Feb 26 17:18:15 daolin postfix/smtpd[9422]: connect from
lotus.jetsys.de[192.168.9.10]
Feb 26 17:18:15 daolin postfix/smtpd[9422]: setting up TLS connection
from lotus.jetsys.de[192.168.9.10]
Feb 26 17:18:15 daolin postfix/smtpd[9422]: TLS connection established
from lotus.jetsys.de[192.168.9.10]: TLSv1 with cipher RC4-MD5 (128/128
bits)
Feb 26 17:18:15 daolin saslauthd[1813]: rel_accept_lock : released
accept lock
Feb 26 17:18:15 daolin saslauthd[1813]: pam_unix2:
pam_sm_authenticate() called
Feb 26 17:18:15 daolin saslauthd[1813]: pam_unix2:
username=[js@mail.jetsys.de]
Feb 26 17:18:15 daolin saslauthd[1814]: get_accept_lock : acquired
accept lock
Feb 26 17:18:15 daolin saslauthd[1813]: pam_unix2: pw == NULL, return
PAM_USER_UNKNOWN
Feb 26 17:18:15 daolin saslauthd[1813]: DEBUG: auth_pam:
pam_authenticate failed: User not known to the underlying
authentication module
Feb 26 17:18:15 daolin saslauthd[1813]: do_auth : auth
failure: [user=js@mail.jetsys.de] [service=smtp]
[realm=mail.jetsys.de] [mech=pam] [reason=PAM auth error]
Feb 26 17:18:15 daolin postfix/smtpd[9422]: warning:
lotus.jetsys.de[192.168.9.10]: SASL LOGIN authentication failed

As i understand the problem is the domain part in the username which
isn´t handled correctly by pam.

cyrus-imapd doesn´t show this behaviour. This username transmitted to
saslauthd only contains the plain username and no domain part.

Should i upgrade to sasl 2.1.16 and apply the fix?

Greetings, Joerg

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode