Subject: SASL2/PAM LDAP problem
From: Jayson Henkel (jhenkel at sterlingcrane dot ca)
Date: Thu May 01 2003 - 12:01:41 EDT

I've upgraded to SASL2 and am attempting to figure out why my smtp auth
broke. I've got the following errors generated in my auth.log.

Apr 30 11:36:04 ruto saslauthd: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Apr 30 11:36:04 ruto saslauthd: AUTHFAIL: user=jhenkel at sterlingcrane dot ca service=smtp realm=sterlingcrane.ca [PAM

My /etc/postfix/sasl/smtp.conf has pwcheck_method: saslauthd

/etc/default/saslauthd methods is pam

/etc/pam.d/smtp looks like

auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so use_authtok
session required pam_ldap.so

My LDAP authentication works for all my other services (ssh, login, sudo

I've checked the permissions on /var/run/saslauthd. That doesn't seem to
be a problem.

I think the problem is related to saslauthd appending the realm to the
username to check against the directory. jhenkel exists, but
jhenkel at sterlingcrane dot ca doesn't. Unfortunately I don't know how to
strip the realm out, and a Google search isn't being very helpful.

Can anyone suggest whether I'm on the right track, and if so how to
remove the SASL realm from the auth attempt?
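
Added example, not part of the original post: a parser for the saslauthd AUTHFAIL line layout quoted above that reports, per service, whether the user= field carries the realm as a suffix (the condition the poster suspects) and lists the bare names to check in the directory. The sample lines, host, users and bracketed reason are constructed, and it also covers bare and foreign-domain logins, which the post does not show.

```python
import re
from collections import Counter

# AUTHFAIL line layout as quoted in the post:
#   saslauthd: AUTHFAIL: user=<u> service=<s> realm=<r> [...]
AUTHFAIL = re.compile(
    r"saslauthd(?:\[\d+\])?: AUTHFAIL: "
    r"user=(?P<user>\S+) service=(?P<service>\S+) realm=(?P<realm>\S*)"
)

# Constructed sample lines (hypothetical host, users and bracketed reason).
SAMPLE_LOG = [
    "Apr 30 11:36:04 mx1 saslauthd: AUTHFAIL: user=alice@example.test service=smtp realm=example.test [constructed reason]",
    "Apr 30 11:36:09 mx1 saslauthd: AUTHFAIL: user=bob service=imap realm=example.test [constructed reason]",
    "Apr 30 11:37:12 mx1 saslauthd: AUTHFAIL: user=carol@Example.TEST service=smtp realm=example.test [constructed reason]",
    "Apr 30 11:37:30 mx1 saslauthd: AUTHFAIL: user=dave@other.test service=smtp realm=example.test [constructed reason]",
    "Apr 30 11:38:00 mx1 saslauthd: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module",
]

def classify(line):
    """Return details for one AUTHFAIL line, or None for any other line."""
    m = AUTHFAIL.search(line)
    if m is None:
        return None
    user, realm = m["user"], m["realm"]
    local, sep, domain = user.rpartition("@")
    if not sep:
        verdict, local = "bare-user", user
    elif realm and domain.lower() == realm.lower():
        verdict = "realm-in-user"      # lookup name is local@realm, as the post suspects
    else:
        verdict = "other-domain"
    return {"user": user, "local": local, "service": m["service"],
            "realm": realm, "verdict": verdict}

def summarize(lines):
    """Count AUTHFAIL verdicts per service and collect the bare names to look up."""
    counts, bare_names = Counter(), set()
    for line in lines:
        info = classify(line)
        if info is None:
            continue
        counts[(info["service"], info["verdict"])] += 1
        if info["verdict"] == "realm-in-user":
            bare_names.add(info["local"])
    return counts, sorted(bare_names)

if __name__ == "__main__":
    counts, names = summarize(SAMPLE_LOG)
    for (service, verdict), n in sorted(counts.items()):
        print(f"{service:6} {verdict:14} {n}")
    print("entries to check in the directory under the bare name:", names)
```

Failures that fall under realm-in-user for one service, for names that exist in the directory without the realm, are consistent with the mismatch described in the post.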