
Re: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied


Patrick Ben Koetter

Jan 8, 2008, 6:42:48 AM1/8/08
* AlxFrag <alx...@gmail.com>:
> pwcheck_method: authdaemond
> mech_list: PLAIN LOGIN
> authdaemond_path: /usr/local/var/spool/authdaemon/socket
>
> ls -l /usr/local/var/spool/authdaemon/socket shows:

What are the permissions on the directory? Is Postfix in the group that may
read that directory?

p@rick

>
> srwxrwxrwx 1 root root 0 2008-01-08 13:15
>
> Any ideas?
>
> Thanks in advance,
> Alexandros
>
>
>

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

mouss

Jan 8, 2008, 6:48:26 AM1/8/08
AlxFrag wrote:
> Hi,
>
> I'm trying to use cyrus sasl with postfix, but I get the error: "SASL
> authentication failure: cannot connect to Courier authdaemond:
> Permission denied".
>
> postconf -n shows:
>
> alias_maps = hash:/etc/postfix/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> local_recipient_maps = ldap:/etc/postfix/local_recipients.cf
> mail_owner = postfix
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 20480000
> mydestination =
> mydomain = soc.uoc.gr
> mynetworks = 127.0.0.1, my_other_ips
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> recipient_delimiter = +
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_path = smtpd
> smtpd_sender_restrictions = check_sender_access
> hash:/etc/postfix/block_senders
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/alias_domains
> virtual_gid_maps = ldap:/etc/postfix/virtual_gid.cf
> virtual_mailbox_base = /
> virtual_mailbox_domains = my_virtual_domain
> virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailbox_maps.cf
> virtual_minimum_uid = 100
> virtual_uid_maps = ldap:/etc/postfix/virtual_uid.cf
>
> **********************************************
> in smtpd.conf:

>
> pwcheck_method: authdaemond
> mech_list: PLAIN LOGIN
> authdaemond_path: /usr/local/var/spool/authdaemon/socket
>
> ls -l /usr/local/var/spool/authdaemon/socket shows:
>
> srwxrwxrwx 1 root root 0 2008-01-08 13:15
>
> Any ideas?

try:

# su someuser
% ls -l /usr/local/var/spool/authdaemon/socket


AlxFrag

Jan 8, 2008, 7:16:54 AM1/8/08
I tried:
# su courier
ls -l /usr/local/var/spool/authdaemon/socket
ls: cannot access /usr/local/var/spool/authdaemon/socket: Permission denied

The pop/imap server runs under the user "courier" and authentication
works fine. Permission is for some reason denied to postfix only.

Patrick Ben Koetter

Jan 9, 2008, 6:08:30 AM1/9/08
* AlxFrag <alx...@gmail.com>:
> mouss wrote:
> >AlxFrag wrote:
> >>>if courier is suid, it can access any file.
> >>The solution to this problem was:
> >>
> >>chmod o+x /usr/local/var/spool/authdaemon
> >
> >it may be safer to play on groups instead of opening the directory to
> >every user (including nobody) on the machine.
> You're right. I changed the permissions using chmod 770 authdaemon so that
> all members of the group "root" can access the socket.
> I put user "postfix" in the group "root" but it doesn't work :(

Don't!

Create a new group. Add Courier and Postfix to that group. Give permissions to
the group to access that directory.

mouss

Jan 9, 2008, 8:34:47 AM1/9/08
AlxFrag wrote:
> mouss wrote:
>> AlxFrag wrote:
>>>> if courier is suid, it can access any file.
>>> The solution to this problem was:
>>>
>>> chmod o+x /usr/local/var/spool/authdaemon
>>
>> it may be safer to play on groups instead of opening the directory to
>> every user (including nobody) on the machine.
> You're right. I changed the permissions using chmod 770 authdaemon so that
> all members of the group "root" can access the socket.
> I put user "postfix" in the group "root" but it doesn't work :(
>

This is worse. When a subject needs access to an object, don't give all
objects to the subject, and don't give the object to all subjects...

http://en.wikipedia.org/wiki/Principle_of_least_privilege
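The three options discussed in this thread (the original 0750 root:root directory, the `chmod o+x` workaround, and the dedicated-group fix Patrick recommends) modelled as a small POSIX permission check for connecting to the authdaemond socket. This is an added example, not code from the thread or from Postfix/Courier; the group name "sasl" and all uids/gids are constructed placeholders.

```python
import stat
from collections import namedtuple

Inode = namedtuple("Inode", "mode uid gid")  # as os.stat(): type bits + perms, owner uid, group gid
Subject = namedtuple("Subject", "uid gids")  # process uid plus its primary and supplementary gids

def permitted(node, who, bit):
    """POSIX DAC: owner class if the uid matches, else group class if any gid
    matches, else other class; uid 0 (CAP_DAC_OVERRIDE) always passes."""
    if who.uid == 0:
        return True
    if who.uid == node.uid:
        return bool(node.mode & (bit << 6))
    if node.gid in who.gids:
        return bool(node.mode & (bit << 3))
    return bool(node.mode & bit)

def ancestors(path):
    """'/' plus every proper parent directory of path, shallowest first."""
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(len(parts))]

def can_connect(fs, sock, who):
    """connect() on a Unix socket needs search (x) on every parent directory and
    write (w) on the socket node; a missing x anywhere is the EACCES seen in the thread."""
    return all(permitted(fs[d], who, 1) for d in ancestors(sock)) and permitted(fs[sock], who, 2)

# Constructed layout matching the thread: 0755 root-owned parent directories,
# the authdaemon directory under test, and the srwxrwxrwx root:root socket.
AUTHDIR = "/usr/local/var/spool/authdaemon"
SOCKET = AUTHDIR + "/socket"
ROOT_GID, SASL_GID = 0, 1010  # "sasl" is a hypothetical dedicated group, gid constructed
USERS = {"postfix": 1001, "courier": 1002, "nobody": 65534}  # constructed uids; primary gid == uid

def layout(dir_mode, dir_gid):
    fs = {d: Inode(stat.S_IFDIR | 0o755, 0, 0) for d in ancestors(AUTHDIR)}
    fs[AUTHDIR] = Inode(stat.S_IFDIR | dir_mode, 0, dir_gid)
    fs[SOCKET] = Inode(stat.S_IFSOCK | 0o777, 0, 0)
    return fs

def scenario(dir_mode, dir_gid, members=()):
    """Per-user access when the authdaemon directory has dir_mode and group dir_gid
    and the users named in members are made members of that group."""
    fs = layout(dir_mode, dir_gid)
    result = {}
    for name, uid in USERS.items():
        gids = frozenset({uid} | ({dir_gid} if name in members else set()))
        result[name] = can_connect(fs, SOCKET, Subject(uid, gids))
    return result
```

`scenario(0o710, SASL_GID, ("postfix", "courier"))` grants exactly those two daemons access (search permission on the directory is all connect() needs), while `scenario(0o751, ROOT_GID)` shows why `chmod o+x` also lets nobody and every other local user reach the socket.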
