1

I have saslauthd set up to authenticate against PAM. It seems to do its stuff:

    root@sasltest:~# testsaslauthd -u quest -p #### -s smtp
    0: OK "Success."

I have libsasl 2.1.23, postfix 2.7.1.

I have a postfix configured thus:

    smtpd_sasl_type = cyrus
    smtpd_sasl_path = /var/spool/postfix/private/saslauthd/mux
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous

With a master.cf thus:

    submission inet n       -       -       -       -       smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject

However, trying to authenticate in this postfix gives the following error message:

    Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Jan 23 22:13:14 sasltest postfix/smtpd[1252]: warning: X[A.B.C.D]: SASL LOGIN authentication failed: authentication failure

Meanwhile, there is no output from my debug-logging saslauthd.

I interpret this as meaning that libsasl2 tries to use sasldb auth rather than trying to talk to saslauthd. What I can't figure out is how to tell libsasl that I want it to talk to saslauthd.

Various instructions inform you to create a file /etc/sasl2/smtpd.conf or /etc/postfix/sasl/smtpd.conf. I have tried creating these files containing:

    pwcheck_method: saslauthd
    mech_list: LOGIN PLAIN

But to no effect.

How do I instruct libsasl to use saslauthd authentication?

(I can of course create /var/spool/postfix/etc/sasldb2, but this will still not result in connections to saslauthd.)

Bittrance

3 Answers

3

This cyrus-sasl mailing list post eventually set me on the right path.

For posterity, an attempt to produce reasonably explicit config. /etc/postfix/main.cf:

    smtpd_sasl_type = cyrus
    smtpd_sasl_path = smtpd
    cyrus_sasl_config_path = /etc/postfix/sasl
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous

The trick in the above conf is that postfix+libsasl2 does this: ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf

Once we have gotten that far, in /etc/postfix/sasl/smtpd.conf we can tell libsasl that we wanna talk to saslauthd:

    pwcheck_method: saslauthd
    mech_list: LOGIN PLAIN
    saslauthd_path: private/saslauthd/mux

Since smtpd is chrooted, saslauthd_path is relative to /var/spool/postfix. I use bind mounting to get /var/run/saslauthd into private.

Bittrance
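
As an added example (not part of the original answers), a POSIX shell check that applies the lookup rule above, ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf, and resolves saslauthd_path to its host-side location for a chrooted or non-chrooted smtpd. The function names and exit codes are hypothetical, chosen for this example; it assumes cyrus_sasl_config_path holds a single directory.

```shell
#!/bin/sh
# Added example: resolve the files a Postfix smtpd needs to reach saslauthd.
# Function names and exit codes are hypothetical, not part of Postfix or Cyrus SASL.

# conf_get FILE KEY SEP -> last value of KEY in a "KEY SEP value" style file
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# sasl_conf_file MAIN_CF -> ${cyrus_sasl_config_path}/${smtpd_sasl_path}.conf
# Assumes one directory; an empty value means libsasl's built-in search path.
sasl_conf_file() {
    dir=$(conf_get "$1" cyrus_sasl_config_path =)
    name=$(conf_get "$1" smtpd_sasl_path =)
    [ -n "$dir" ] || return 1
    printf '%s/%s.conf\n' "$dir" "${name:-smtpd}"
}

# socket_path SASL_CONF QUEUE_DIR CHROOTED(y|n) -> socket path as seen from the host
# Relative paths resolve against the queue directory, as the answer describes.
socket_path() {
    p=$(conf_get "$1" saslauthd_path :)
    [ -n "$p" ] || return 1
    case "$p" in
        /*) if [ "$3" = y ]; then printf '%s%s\n' "$2" "$p"; else printf '%s\n' "$p"; fi ;;
        *)  printf '%s/%s\n' "$2" "$p" ;;
    esac
}

# check_sasl MAIN_CF QUEUE_DIR CHROOTED -> 0 only if libsasl points at a live socket
check_sasl() {
    conf=$(sasl_conf_file "$1") || { echo "cyrus_sasl_config_path not set"; return 2; }
    [ -r "$conf" ] || { echo "missing $conf"; return 3; }
    [ "$(conf_get "$conf" pwcheck_method :)" = saslauthd ] ||
        { echo "pwcheck_method is not saslauthd in $conf"; return 4; }
    sock=$(socket_path "$conf" "$2" "$3") || { echo "saslauthd_path not set in $conf"; return 5; }
    [ -S "$sock" ] || { echo "no socket at $sock"; return 6; }
    echo "ok: $conf -> $sock"
}

# Stand-alone use: sh check.sh /etc/postfix/main.cf /var/spool/postfix y
if [ "$#" -eq 3 ]; then check_sasl "$@"; fi
```

A non-zero exit code names the first link in the chain that is broken, which separates "libsasl never read smtpd.conf" from "the socket is not visible where smtpd looks for it".
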
1

Stumbling over a similar issue in Ubuntu 20.04. There, the cyrus_sasl_config_path parameter to postfix isn't recognized at all. It looks in /etc/postfix/sasl2/ for the smtpd.conf instead.

In Ubuntu 20.04 smtpd seems to be chrooted by default. However, its chroot preparation script in /usr/lib/postfix/configure-instance.sh doesn't cover any SASL-related files, so you have to put them into the chroot manually.

  1. Create the missing folder in chroot:

    mkdir -p /var/spool/postfix/etc/postfix/sasl2
    
  2. Create the SASL2 configuration file there:

    cat >>/var/spool/postfix/etc/postfix/sasl2/smtpd.conf <<EOT
    pwcheck_method: saslauthd
    mech_list: LOGIN PLAIN
    EOT
    
  3. Link it from the related global folder:

    mkdir -p /etc/postfix/sasl2
    ln -s /var/spool/postfix/etc/postfix/sasl2/smtpd.conf /etc/postfix/sasl2/smtpd.conf
    
  4. Make sure the saslauthd socket is available in the folder /var/spool/postfix/var/run/saslauthd/. You can control this by adjusting the file /etc/default/saslauthd. See the comments found in that file.

Thomas Urban
0

I struggled with this for about an hour before figuring out, via strace -f -p <pid> on the running postfix process, that it couldn't find my sasldb2 file because it was putting itself in a chroot.

Edit /etc/postfix/master.cf and put an n in the chroot column. Restart postfix. Should work now.

mbac32768