[Postfixbuch-users] SASL "Problemchen"
Matthias Haegele
mhaegele at linuxrocks.dyndns.org
Di Dez 11 10:25:10 CET 2007
Patrick Ben Koetter schrieb:
> * Matthias Haegele <mhaegele at linuxrocks.dyndns.org>:
>> Hallo Ihr!
>>
>> Folgendes will nicht bei mir, sobald ich die nodictionary option anfüge
>> krachts.:
>>
>>> smtpd_sasl_security_options = noanonymous, nodictionary
>>> Dec 11 10:05:59 hermes postfix/smtpd[3303]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
>
> Ja, da bleibt von dem was Du anbietest nichts übrig, was Postfix verwenden
> könnte. nodictionary ist IIRC nur EXTERNAL und GSSAPI. Beide sind auch noch
> mutual_auth als policy.
>
> Du nutzt doch Debian, oder? Dann wirf mal den "saslpluginviewer" und der sagt
> Dir dann, welcher Mechanismus in welche policy Kategorie fällt.
Super Mr. SASL ist da ;-).
Danke dir p at rick. Jetzt wirds klarer das ging mir aus der Doku nicht hervor,
ich dachte: Super neu: nodictionary, geiles Feature das will ich.
Wollte sowieso mal tls und digest anbieten aber das on another day ...
> saslpluginviewer
> Installed SASL (server side) mechanisms are:
> NTLM LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5 EXTERNAL
> List of server plugins follows
> Plugin "ntlm" [loaded], API version: 4
> SASL mechanism: NTLM, best SSF: 0, supports setpass: no
> security flags: NO_ANONYMOUS|NO_PLAINTEXT
> features: WANT_CLIENT_FIRST
> Plugin "login" [loaded], API version: 4
> SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
> security flags: NO_ANONYMOUS
> features:
> Plugin "plain" [loaded], API version: 4
> SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
> security flags: NO_ANONYMOUS
> features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded], API version: 4
> SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
> security flags: NO_PLAINTEXT
> features: WANT_CLIENT_FIRST
> Plugin "digestmd5" [loaded], API version: 4
> SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
> security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
> features: PROXY_AUTHENTICATION
> Plugin "crammd5" [loaded], API version: 4
> SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
> security flags: NO_ANONYMOUS|NO_PLAINTEXT
> features: SERVER_FIRST
> Installed auxprop mechanisms are:
> sasldb
> List of auxprop plugins follows
> Plugin "sasldb" , API version: 4
> supports store: yes
>
> Installed SASL (client side) mechanisms are:
> NTLM LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5 EXTERNAL
> List of client plugins follows
> Plugin "ntlm" [loaded], API version: 4
> SASL mechanism: NTLM, best SSF: 0
> security flags: NO_ANONYMOUS|NO_PLAINTEXT
> features: WANT_CLIENT_FIRST
> Plugin "login" [loaded], API version: 4
> SASL mechanism: LOGIN, best SSF: 0
> security flags: NO_ANONYMOUS
> features: SERVER_FIRST
> Plugin "plain" [loaded], API version: 4
> SASL mechanism: PLAIN, best SSF: 0
> security flags: NO_ANONYMOUS
> features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded], API version: 4
> SASL mechanism: ANONYMOUS, best SSF: 0
> security flags: NO_PLAINTEXT
> features: WANT_CLIENT_FIRST
> Plugin "digestmd5" [loaded], API version: 4
> SASL mechanism: DIGEST-MD5, best SSF: 128
> security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
> features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
> Plugin "crammd5" [loaded], API version: 4
> SASL mechanism: CRAM-MD5, best SSF: 0
> security flags: NO_ANONYMOUS|NO_PLAINTEXT
> features: SERVER_FIRST
> Plugin "EXTERNAL" [loaded], API version: 4
> SASL mechanism: EXTERNAL, best SSF: 0
> security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
> features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
>>> Dec 11 10:05:59 hermes postfix/smtpd[3303]: fatal: no SASL authentication mechanisms
>>> Dec 11 10:06:00 hermes postfix/master[2457]: warning: process /usr/lib/postfix/smtpd pid 3303 exit status 1
>>> Dec 11 10:06:00 hermes postfix/master[2457]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
>>> hermes:~# postconf -n
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_authenticated_header = yes
>>> smtpd_sasl_local_domain =
>>> smtpd_sasl_security_options = noanonymous, nodictionary
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> Da scheint irgendwie der Hund begraben?
>>
>> ii postfix 2.3.8-2+b1 A high-performance mail transport agent
>>> ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
>>> ii libsasl2-modul 2.1.22.dfsg1-8 Pluggable Authentication Modules for SASL
>>> ii sasl2-bin 2.1.22.dfsg1-8 Administration programs for SASL users datab
>> Danke im Voraus!
>>
>>
>> --
>> Grüsse/Greetings
>> MH
>>
>>
>> Dont send mail to: ubecatcher at linuxrocks.dyndns.org
>> --
>>
>> --
>> _______________________________________________
>> Postfixbuch-users -- http://www.postfixbuch.de
>> Heinlein Professional Linux Support GmbH
>>
>> Postfixbuch-users at listi.jpberlin.de
>> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>
--
Grüsse/Greetings
MH
Dont send mail to: ubecatcher at linuxrocks.dyndns.org
--
Mehr Informationen über die Mailingliste Postfixbuch-users