Re: [exim] Current solutions for smtp auth via pam

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jochen Gensch
Ημερομηνία:  
Προς: Sam Michaels, exim-users
Υ/ο: 
Αντικείμενο: Re: [exim] Current solutions for smtp auth via pam
Sam Michaels schrieb:

> You should definitely do what I suggested earlier and use the debug
> output to see EXACTLY what is happening.


Your are right. Here we go:

[...]
22:10:12 51666 250-SIZE 52428800
22:10:12 51666 250-PIPELINING
22:10:12 51666 250-AUTH PLAIN LOGIN
22:10:12 51666 250 HELP
22:10:12 51666 Calling SSL_read(8112800, 8137000, 4096)
22:10:19 51666 SMTP<< AUTH PLAIN AHN0YXR1cwB1Z2F1Z2E=
22:10:19 51666 expanding: $2
22:10:19 51666    result: USER
22:10:19 51666 expanding: $3
22:10:19 51666    result: PASS
22:10:19 51666 Running saslauthd authentication for user "USER"
22:10:19 51666 saslauthd userid='USER' servicename='' realm=''
22:10:19 51666 Answer 'NO PAM start error' received.
22:10:19 51666 saslauthd: access denied (NO PAM start error)
22:10:19 51666 condition: saslauthd{{$2}{$3}}
22:10:19 51666    result: false
22:10:19 51666 expanding: 1
22:10:19 51666    result: 1
22:10:19 51666 skipping: result is not used
22:10:19 51666 expanding: 0
22:10:19 51666    result: 0
22:10:19 51666 expanding: ${if saslauthd{{$2}{$3}}{1}{0}}
22:10:19 51666    result: 0
22:10:19 51666 plain authenticator:
22:10:19 51666   $1 =
22:10:19 51666   $2 = USER
22:10:19 51666   $3 = PASS
22:10:19 51666 expanded string: 0
22:10:19 51666 expanding: $2
22:10:19 51666    result: USER
22:10:19 51666 SMTP>> 535 Incorrect authentication data
22:10:19 51666 tls_do_write(811a000, 35)
22:10:19 51666 SSL_write(SSL, 811a000, 35)
22:10:19 51666 outbytes=35 error=0
22:10:19 51666 LOG: MAIN REJECT
22:10:19 51666   plain authenticator failed for ([127.0.0.1])
[10.0.0.7]: 535 Incorrect authentication data (set_id=USER)
22:10:19 51666 Calling SSL_read(8112800, 8137000, 4096)
22:10:19 51666 SMTP<< AUTH LOGIN
22:10:19 51666 host in smtp_accept_max_nonmail_hosts? yes (matched "*")
22:10:19 51666 SMTP>> 334 VXNlcm5hbWU6
22:10:19 51666 tls_do_write(811a000, 18)
22:10:19 51666 SSL_write(SSL, 811a000, 18)
22:10:19 51666 outbytes=18 error=0
22:10:19 51666 Calling SSL_read(8112800, 8137000, 4096)
22:10:19 51666 SMTP>> 334 UGFzc3dvcmQ6
22:10:19 51666 tls_do_write(811a000, 18)
22:10:19 51666 SSL_write(SSL, 811a000, 18)
22:10:19 51666 outbytes=18 error=0
22:10:19 51666 Calling SSL_read(8112800, 8137000, 4096)
22:10:19 51666 expanding: $1
22:10:19 51666    result: USER
22:10:19 51666 expanding: $2
22:10:19 51666    result: PASS
22:10:19 51666 Running saslauthd authentication for user "USER"
22:10:19 51666 saslauthd userid='USER' servicename='' realm=''
22:10:19 51666 Answer 'NO PAM start error' received.
22:10:19 51666 saslauthd: access denied (NO PAM start error)
22:10:19 51666 condition: saslauthd{{$1}{$2}}
22:10:19 51666    result: false
22:10:19 51666 expanding: 1
22:10:19 51666    result: 1
22:10:19 51666 skipping: result is not used
22:10:19 51666 expanding: 0
22:10:19 51666    result: 0
22:10:19 51666 expanding: ${if saslauthd{{$1}{$2}}{1}{0}}
22:10:19 51666    result: 0
22:10:19 51666 login authenticator:
22:10:19 51666   $1 = USER
22:10:19 51666   $2 = PASS
22:10:19 51666 expanded string: 0
22:10:19 51666 expanding: $1
22:10:19 51666    result: USER
22:10:19 51666 SMTP>> 535 Incorrect authentication data
22:10:19 51666 tls_do_write(811a000, 35)
22:10:19 51666 SSL_write(SSL, 811a000, 35)
22:10:19 51666 outbytes=35 error=0
22:10:19 51666 LOG: MAIN REJECT
22:10:19 51666   login authenticator failed for ([127.0.0.1])
[10.0.0.7]: 535 Incorrect authentication data (set_id=USER)
22:10:19 51666 Calling SSL_read(8112800, 8137000, 4096)
22:10:21 51666 SSL info: SSL negotiation finished successfully
22:10:21 51666 Got SSL_ERROR_ZERO_RETURN
22:10:21 51666 SMTP>> 421 ms.homeip.net lost input connection
22:10:21 51666 LOG: smtp_connection MAIN
22:10:21 51666   SMTP connection from ([127.0.0.1]) [10.0.0.7] lost
[...]


So it really seems to be a access rights problem. I also can't run
testsaslauthd from another user than root if that matters.

Jochen