Re: howto use sasl

From: Alexander Dalloz (ad+)
Date: Sun Mar 05 2006 - 16:36:19 EST


    On Sun, 05.03.2006, julius Junghans wrote at 21:11:

    > Thx for the documents, but as mentioned on the first page it's still
    > difficult.

    > /etc/sasl2/smtpd.conf
    > #global
    > pwcheck_method: sasldb

    That is not proper with SASLv2. You must use

    pwcheck_method: auxprop
    auxprop_plugin: sasldb

    But you can omit that, as it is the default and automatic fallback
    backend method.

    > log_level: 4
    > mech_list: DIGEST-MD5
    >
    > #auxiliary plugin parameters
    > #auxprop_plugin: sasldb
    > sasldb_path: /etc/sasl2/sasldb2
    >
    > #not safe, testing only
    > ls -lh /etc/sasl2/
    > insgesamt 392K
    > lrwxrwxrwx 1 root root 10 5. Mär 20:40 sample.conf -> smtpd.conf
    > -rwxrwxrwx 1 root root 385K 5. Mär 20:45 sasldb2

    Awful permissions! Secure the auth data in there by setting proper unix
    permissions.

    > -rwxrwxrwx 1 root root 265 5. Mär 20:52 smtpd.conf
    >
    >
    > #my test user:
    > saslpasswd2 -c sales -u schleppi.localdomain
    >
    > #/etc/hosts
    > 192.168.10.66 schleppi.localdomain schleppi
    >
    >
    > sasldblistusers2
    > sales@schleppi.localhost: userPassword
    >
    >
    >
    > #client
    > ./client -p 30000 localhost -m DIGEST-MD5
    > receiving capability list... recv: {46}
    > ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
    > ANONYMOUS CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
    > send: {10}
    > DIGEST-MD5
    > send: {1}
    > N
    > recv: {113}
    > nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess

    According to your sasldb2 / saslpasswd your realm is
    "schleppi.localdomain" and not "schleppi".

    > please enter an authentication id: sales
    > please enter an authorization id: sales
    > Password:
    > send: {231}
    > username="sales",realm="schleppi",nonce="dSTaTSBVCxPa3ul0sopC+O856Eh7k2m5wronG5MJYmc=",cnonce="+/3GCg5O7oVdYW0PIEKX9t97CCUzbSRWoPbEMeHFk2s=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=8bd84aa26eb1d8b2eabe91a67ae33dbb
    > authentication failed
    > closing connection
    >
    >
    > #server
    > ./server -s rcmd -p 30000 -m DIGEST-MD5 ### what's this rcmd
    > service? it's used in vortrag_cyrus_SASL.pdf
    > trying 2, 1, 6
    > trying 10, 1, 6
    > socket: Address family not supported by protocol
    > accepted new connection
    > send: {10}
    > DIGEST-MD5
    > recv: {10}
    > DIGEST-MD5
    > recv: {1}
    > N
    > send: {113}
    > nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",realm="schleppi",qop="auth",charset=utf-8,algorithm=md5-sess
    > recv: {231}
    > username="sales",realm="schleppi",nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",cnonce="YfLO87mIQCYN9MO2pegvY8oaFXk0xfMCT8Fuzxe/eJ8=",nc=00000001,qop=auth,digest-uri="rcmd/localhost",response=2c38b9309e288dd75d866c5d3892d118

    realm mismatch here too.

    > performing SASL negotiation: user not foundclosing connection
    >
    >
    > okay, so the user isn't found, why?

    Alexander

    -- 
    Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
    legal statement: http://www.uni-x.org/legal.html
    Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
    Serendipity 22:28:48 up 10 days, 17 users, load average: 0.11, 0.19,
    0.18 
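
The realm mismatch pointed out in the reply above, as an added Python example that is not part of the original message: it computes the DIGEST-MD5 response per RFC 2831 (qop=auth, no authzid) and shows why a lookup keyed on user and realm fails for realm "schleppi". The function names, the `SECRETS` dictionary standing in for sasldb2, the simplified lookup model and the password are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def parse_directives(msg):
    """Split a DIGEST-MD5 message into {key: value}; quoted values may contain commas."""
    pairs = re.finditer(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))', msg)
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pairs}

def digest_response(user, realm, password, nonce, cnonce, nc, qop, digest_uri):
    """RFC 2831 response value for qop=auth without an authzid (ASCII inputs assumed)."""
    # The realm is hashed together with user and password, as raw 16 bytes.
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()

def verify(client_msg, secrets):
    """Simplified server side: look up (username, realm), then compare digests."""
    d = parse_directives(client_msg)
    password = secrets.get((d["username"], d["realm"]))
    if password is None:
        return "user not found"  # no entry stored under this realm
    expected = digest_response(d["username"], d["realm"], password, d["nonce"],
                               d["cnonce"], d["nc"], d["qop"], d["digest-uri"])
    return "ok" if hmac.compare_digest(expected, d["response"]) else "bad response"

# Client message as received by the server in the post above.
PAGE_MSG = ('username="sales",realm="schleppi",'
            'nonce="xUDjZNEzv6FHtF3R8veYONSMFz1/ccwuHyCuWAfakFA=",'
            'cnonce="YfLO87mIQCYN9MO2pegvY8oaFXk0xfMCT8Fuzxe/eJ8=",nc=00000001,'
            'qop=auth,digest-uri="rcmd/localhost",'
            'response=2c38b9309e288dd75d866c5d3892d118')

# Constructed stand-in for sasldb2: realm from "saslpasswd2 -u", password invented.
SECRETS = {("sales", "schleppi.localdomain"): "example-password"}

def corrected_msg():
    """The same exchange, answered for the realm the account was created under."""
    d = parse_directives(PAGE_MSG)
    d["realm"] = "schleppi.localdomain"
    d["response"] = digest_response(d["username"], d["realm"], "example-password",
                                    d["nonce"], d["cnonce"], d["nc"], d["qop"],
                                    d["digest-uri"])
    return ",".join(f'{k}="{v}"' for k, v in d.items())

if __name__ == "__main__":
    print(verify(PAGE_MSG, SECRETS))         # realm "schleppi" has no entry
    print(verify(corrected_msg(), SECRETS))  # realm matches the stored account
```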
    
    


