From owner-freebsd-questions@FreeBSD.ORG Fri Nov 14 15:23:33 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0568B16A4CE for ; Fri, 14 Nov 2003 15:23:33 -0800 (PST) Received: from blacklamb.mykitchentable.net (207-173-254-228.bras01.elk.ca.frontiernet.net [207.173.254.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id E71FB43FDF for ; Fri, 14 Nov 2003 15:23:31 -0800 (PST) (envelope-from drew@mykitchentable.net) Received: from l035522 (unknown [165.107.42.110]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by blacklamb.mykitchentable.net (Postfix) with ESMTP id 9B5E03BF390; Fri, 14 Nov 2003 15:23:30 -0800 (PST) Message-ID: <02ee01c3ab06$50d70c50$6e2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: "H. Wade Minter" , References: <20031113104404.V56167@bunning.skiltech.com> Date: Fri, 14 Nov 2003 15:23:30 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: Postfix and SASL2 authentication X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2003 23:23:33 -0000 ----- Original Message ----- From: "H. Wade Minter" To: Sent: Thursday, November 13, 2003 7:48 AM Subject: Postfix and SASL2 authentication > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've been able to get Postfix and SASL1 to authenticate to system accounts > under FreeBSD with no problem, but now I'm trying to use SASL2. I'm > running into problems. > > I built postfix and sasl2 from ports with no problems. I created > /usr/local/lib/sasl2/smtpd.conf: > > pwcheck_method: saslauthd > mech_list: plain login > > saslauthd is being run with the "-a getpwent" flags from /etc/rc.conf. > > Postfix is set up to use SASL: > > enable_sasl_authentication = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > > However, when I test with a base64-encoded username\0username\0password > string, it doesn't authenticate: > > Nov 13 07:46:29 taz postfix/smtpd[327]: < localhost[127.0.0.1]: AUTH PLAIN > bWludGVyAG1pbnRlcgBjaGFuZ2VtZQ== > Nov 13 07:46:29 taz postfix/smtpd[327]: smtpd_sasl_authenticate: > sasl_method PLAIN, init_response bWludGVyAG1pbnRlcgBjaGFuZ2VtZQ== > Nov 13 07:46:29 taz postfix/smtpd[327]: smtpd_sasl_authenticate: decoded > initial response minter > Nov 13 07:46:29 taz postfix/smtpd[327]: warning: SASL authentication > failure: Password verification failed > Nov 13 07:46:29 taz postfix/smtpd[327]: warning: localhost[127.0.0.1]: > SASL PLAIN authentication failed > Nov 13 07:46:29 taz postfix/smtpd[327]: > localhost[127.0.0.1]: 535 Error: > authentication failed > > Does anyone know what I'm doing wrong? Yep. I went through the same headache. See my post here: http://lists.freebsd.org/pipermail/freebsd-security/2003-July/000517.html Cheers, Drew