[Postfixbuch-users] SASL "Problemchen"

Matthias Haegele mhaegele at linuxrocks.dyndns.org
Di Dez 11 10:25:10 CET 2007 

Patrick Ben Koetter schrieb:
> * Matthias Haegele <mhaegele at linuxrocks.dyndns.org>:
>> Hallo Ihr!
>>
>> Folgendes will nicht bei mir, sobald ich die nodictionary option anfüge 
>> krachts.:
>>
>>> smtpd_sasl_security_options = noanonymous, nodictionary
>>> Dec 11 10:05:59 hermes postfix/smtpd[3303]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
> 
> Ja, da bleibt von dem was Du anbietest nichts übrig, was Postfix verwenden
> könnte. nodictionary ist IIRC nur EXTERNAL und GSSAPI. Beide sind auch noch
> mutual_auth als policy.
> 
> Du nutzt doch Debian, oder? Dann wirf mal den "saslpluginviewer" und der sagt
> Dir dann, welcher Mechanismus in welche policy Kategorie fällt.

Super Mr. SASL ist da ;-).

Danke dir p at rick. Jetzt wirds klarer das ging mir aus der Doku nicht hervor,
ich dachte: Super neu: nodictionary, geiles Feature das will ich.

Wollte sowieso mal tls und digest anbieten aber das on another day ...

> saslpluginviewer
> Installed SASL (server side) mechanisms are:
> NTLM LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5 EXTERNAL
> List of server plugins follows
> Plugin "ntlm" [loaded],         API version: 4
>         SASL mechanism: NTLM, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features:
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Installed auxprop mechanisms are:
> sasldb
> List of auxprop plugins follows
> Plugin "sasldb" ,       API version: 4
>         supports store: yes
> 
> Installed SASL (client side) mechanisms are:
> NTLM LOGIN PLAIN ANONYMOUS DIGEST-MD5 CRAM-MD5 EXTERNAL
> List of client plugins follows
> Plugin "ntlm" [loaded],         API version: 4
>         SASL mechanism: NTLM, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: SERVER_FIRST
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Plugin "EXTERNAL" [loaded],     API version: 4
>         SASL mechanism: EXTERNAL, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION

>>> Dec 11 10:05:59 hermes postfix/smtpd[3303]: fatal: no SASL authentication mechanisms
>>> Dec 11 10:06:00 hermes postfix/master[2457]: warning: process /usr/lib/postfix/smtpd pid 3303 exit status 1
>>> Dec 11 10:06:00 hermes postfix/master[2457]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
>>> hermes:~# postconf -n
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_authenticated_header = yes
>>> smtpd_sasl_local_domain =
>>> smtpd_sasl_security_options = noanonymous, nodictionary
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> Da scheint irgendwie der Hund begraben?
>>
>> ii  postfix        2.3.8-2+b1     A high-performance mail transport agent
>>> ii  libsasl2-2     2.1.22.dfsg1-8 Authentication abstraction library
>>> ii  libsasl2-modul 2.1.22.dfsg1-8 Pluggable Authentication Modules for SASL
>>> ii  sasl2-bin      2.1.22.dfsg1-8 Administration programs for SASL users datab
>> Danke im Voraus!
>>
>>
>> -- 
>> Grüsse/Greetings
>> MH
>>
>>
>> Dont send mail to: ubecatcher at linuxrocks.dyndns.org
>> --
>>
>> -- 
>> _______________________________________________
>> Postfixbuch-users -- http://www.postfixbuch.de
>> Heinlein Professional Linux Support GmbH
>>
>> Postfixbuch-users at listi.jpberlin.de
>> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
> 


-- 
Grüsse/Greetings
MH


Dont send mail to: ubecatcher at linuxrocks.dyndns.org
--

Mehr Informationen über die Mailingliste Postfixbuch-users