On 1/15/06, Jochen Gensch <incmc@???> wrote:
> Ok, I have tried that right now, but cannot get it working. Maybe
> someone can direct me to the right direction...

I had a heck of a time getting it to work.

First, the permissions were wrong on the directory...and they go back
to being wrong every time the box is rebooted. Default location of the
socket for me is /var/lib/sasl2/mux (specified in the
Local/Makefile)...probably a misconfiguration on my part, but if the
box gets rebooted I'm there anyway.

Next, the authenticators I use are:

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_set_id = $2
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_advertise_condition = true

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1
  server_advertise_condition = true

I could force some security with $tls_cipher or something, but it
wasn't working properly with MS Outlook clients.

Then PAM wasn't working right for some reason. I had to change
/etc/pam.d/saslauthd to:

#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

And /etc/pam.d/system-auth to:

#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       required     pam_deny.so
account    required     pam_unix.so
password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so
session    required     pam_limits.so
session    required     pam_unix.so

Then it magically started working for valid users on the box.
Sam
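
Added example, not part of Sam's message: the same two authenticators with AUTH advertised only on TLS-protected sessions, which is the $tls_cipher restriction the message mentions but does not configure. PLAIN and LOGIN send the password merely base64-encoded, so the only change is server_advertise_condition; the eq{$tls_cipher}{} test is the assumption made here.

```exim
# Constructed example for the authenticators section of the Exim
# configuration. Everything except server_advertise_condition is as posted.
#
# Weak setting from the message: AUTH is offered on every connection,
# encrypted or not, so credentials can cross the network in clear.
#   server_advertise_condition = true
#
# Corrected setting: $tls_cipher is empty until the client has completed
# STARTTLS, so the mechanism is advertised on encrypted sessions only.

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
```

With this in place a client sees AUTH in the EHLO response only after STARTTLS, so TLS has to be enabled on the server (tls_advertise_hosts, tls_certificate) and the mail client has to be set to use it. Newer Exim releases name the variable $tls_in_cipher.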