Bug#330309: exim4-config: smtp auth using plain_saslauthd_server and login_saslauthd_server fail if pam mechanism selected

Andreas Metzler ametzler at downhill.at.eu.org
Tue Sep 27 17:26:38 UTC 2005 

tags 330309 = unreproducible
thanks
On 2005-09-27 Nick Woolley <nick at noodlefactory.co.uk> wrote:
> Package: exim4-config
> Version: 4.50-8
> Severity: normal
> Tags: patch
[sasl]
> If the examples in the config are used to authenticate smtp
> connections using saslauthd, it fails if saslauthd is configured in
> /ec/default/saslauthd to use the pam mechanism.
[...]
> A pam configuration file /etc/pam.d/exim4 containing something like
> the following is required:

> auth        required    pam_unix.so
> account     required    pam_unix.so
> password    required    pam_unix.so

No, sasl should be opaque to the app, i.e. I would not need
to change _backends_ like PAM or SQL for a specific application using
SASL.

/etc/pam.d/exim4 should only be necessary if exim _directly_ invoked
PAM.

FWIW I've just tested this.

#1 apt-get install sasl2-bin
#2 adduser Debian-exim sasl
#3 Change exim4 configuration to enable TLS and SASL authenticators.
#4 Edit  /etc/default/saslauthd  and set START=yes. (MECHANISMS="pam"
stays unchanged.)
#5 /etc/init.d/saslauthd start
#6 /etc/init.d/exim4 reload

And voila, testing with swaks worked flawlessly.
 5028 250-AUTH PLAIN LOGIN
 5028 250 HELP
 5028 Calling gnutls_record_recv(8122528, 8124750, 4096)
 5028 SMTP<< AUTH PLAIN xxxxxxxxxxxxxxxxxxxxxxxxx
 5028 Running saslauthd authentication for user "ametzler"
 5028 saslauthd userid='ametzler' servicename='' realm=''
 5028 Answer 'OK' received.
 5028 saslauthd: success (OK)
 5028 plain_saslauthd_server authenticator:
 5028   $1 =
 5028   $2 = ametzler
 5028   $3 = XXXXXXXXXXXXXXX
 5028 expanded string: 1
 5028 SMTP>> 235 Authentication succeeded
[...]
 5028 processing "accept"
 5028 check authenticated = *
 5028 plain_saslauthd_server in "*"? yes (matched "*")
 5028 accept: condition test succeeded
 5028 SMTP>> 250 Accepted
                     cu andres
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"

More information about the Pkg-exim4-maintainers mailing list