Re: [exim] authentication against SASL

Author: Odhiambo Washington
Date:  
To: Johannes Nohl
CC: exim-users
Subject: Re: [exim] authentication against SASL
On Fri, Mar 14, 2008 at 3:44 PM, Johannes Nohl <johannes.nohl@???>
wrote:

> Dear list,
>
> I'm trying to configure Exim version 4.69 on OpenSuse 10.3 to
> authenticate against cyrus SASL2. SASL works well.
>
> # testsaslauthd -u user -p password -f /var/run/sasl2/mux
>
> returns: 0: OK "Success."
>
> According to http://wiki.exim.org/AuthenticatedSmtpUsingSaslauthd I
> added to exim.conf:
>
> # ACL
>
>  accept  authenticated = *
>          control       = submission

>
>
> # AUTHENTICATION CONFIGURATION
>
> plain:
> driver = plaintext
> public_name = PLAIN
> server_set_id = $2
> server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
> server_advertise_condition = true



You're missing "server_prompts = :" in that authenticator

> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_set_id = $1
> server_advertise_condition = true
>


This one looks fine.

> I don't know how to ask exim what's the path of the compiled in sasl
> socket. But looking inside the exim binary I found /var/run/sasl2/mux.
> That makes me think that sasl support and the right socket are
> compiled in.



Should be then!
The problem could be that the exim_user cannot read from the socket.
Please check that too. The last time I dealt with such a situation what I
did was to make the socket readable by exim_user.
The following entries were in my /etc/rc.conf to start the saslauthd:

# We use SASLAUTHD for ASMTP
saslauthd_enable="YES"      # Enable saslauthd
saslauthd_flags="-a pam"    # Flags to saslauthd program
#saslauthd_flags="-a rimap -O localhost" # if you want to auth against IMAP server
saslauthd_runpath="/var/run/saslauthd"       # Working directory
saslauthd_program="/usr/local/sbin/saslauthd"   # Location of saslauthd


(That is on FreeBSD. I don't know much on Linux, so YMMV).


> Using the user and password of testsaslauthd above I can't send mails.
> Thunderbird asks for user and pass but giving the right values sending
> fails. The logs say:
>
> # tail /var/log/exim/reject.log:
> 2008-03-14 13:30:32 plain authenticator failed for ([192.168.xx.xx])
> [91.xx.xx.xx]: 535 Incorrect authentication data
>
> No entry in panic.log.
>
> # tail /var/log/exim/mail.log:
> 2008-03-14 13:46:14 no host name found for IP address 91.xx.xx.x
> 2008-03-14 13:46:17 plain authenticator failed for ([192.168.xx.xx])
> [91.xx.xx.xx]: 535 Incorrect authentication data
>
> I don't know where to look now. Is the server_condition right? exim
> doc in packages recommends



Yes, the server_condition settings are right in the above authenticators. Is the
saslauthd running and can exim_user read from the socket?
That could be where your solution lies.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
--from a /. post
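
The socket-access check suggested in the reply, as an added example that is not part of the original message or of Exim: it walks the path to the saslauthd socket and reports the first component whose mode bits would stop a given account. The function name `first_blocker` is hypothetical, the account name `exim` is an assumption, and the default socket path is the one quoted in the thread.

```python
import grp
import os
import pwd
import stat
import sys


def first_blocker(sock_path, uid, gids):
    """Return (path, reason) for the first path component that stops `uid`
    from connecting to the Unix socket at sock_path, or None if the classic
    owner/group/other mode bits allow it. Root override, ACLs and MAC
    policy (AppArmor, SELinux) are not modelled."""
    def allowed(st, want):
        # Exactly one permission class applies: owner, else group, else other.
        if st.st_uid == uid:
            bits = st.st_mode >> 6
        elif st.st_gid in gids:
            bits = st.st_mode >> 3
        else:
            bits = st.st_mode
        return (bits & want) == want

    chain = [os.path.realpath(sock_path)]          # socket, parent, ..., "/"
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):                      # check from "/" downwards
        try:
            st = os.stat(p)
        except FileNotFoundError:
            return (p, "missing: is saslauthd running?")
        if p != chain[0]:
            if not allowed(st, 0o1):
                return (p, "no search (x) permission on directory")
        elif not stat.S_ISSOCK(st.st_mode):
            return (p, "not a socket")
        elif not allowed(st, 0o2):
            # On Linux, connect() to a Unix socket needs write permission on it.
            return (p, "no write permission on socket")
    return None


if __name__ == "__main__":
    # Assumed defaults: account "exim"; socket path as quoted in the thread.
    user = sys.argv[1] if len(sys.argv) > 1 else "exim"
    path = sys.argv[2] if len(sys.argv) > 2 else "/var/run/sasl2/mux"
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    print(first_blocker(path, pw.pw_uid, gids) or "mode bits allow access")
```

Run it as root so every directory on the path can be inspected; a restrictive mode on the directory holding the socket is reported before the socket itself.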