From: Patrick Ben Koetter on 13 Feb 2010 12:39

* Jeff Lacki <jeep(a)rahul.net>:
> >> smtpd_sasl_security_options = noanonymous, noplaintext
> >> smtpd_tls_sasl_security_options = noanonymous
> >> SMTPD crashed. I really can't understand where is a problem.
> >
> > Blind guess: There are no other mechanisms installed.
> >
> > If that doesn't fix it, send debug output.
>
> Dumb question I'm sure, but how does one install other
> mechanisms like the ones listed in dovecot.conf:

That depends on the SASL provider. In Dovecot they are all there and you create/configure a list of mechanisms that should be propagated to Postfix.

> digest-md5 cram-md5 ntlm rpa apop gssapi otp skey gss-spnego
>
> I'm personally interested in digest-md5 and if you have
> particular feelings about the others, I'd like to know
> as well.

In Cyrus SASL you install them into /usr/lib/sasl2/ and tell smtpd.conf which ones to list with the mech_list parameter.

> Are these yum packages (which I tried under the names above
> with no luck)? Where do I acquire them?

For which SASL provider?

p(a)rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.
saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

From: Jeff Lacki on 13 Feb 2010 12:45

>> Are these yum packages (which I tried under the names above
>> with no luck)? Where do I acquire them?

> For which SASL provider?

I'm assuming digest-md5 is good enough, unless you think another mechanism is better?

Jeff

From: Patrick Ben Koetter on 13 Feb 2010 12:55

* Jeff Lacki <jeep(a)rahul.net>:
> >> Are these yum packages (which I tried under the names above
> >> with no luck)? Where do I acquire them?
>
> > For which SASL provider?
>
> I'm assuming digest-md5 is good enough, unless
> you think another mechanism is better?

plain and login are plaintext mechanisms. You can store the password crypted, but the credentials are sent base64 encoded only. If someone reads them when they are sent they are easily base64-decoded.

cram-md5, digest-md5 and ntlm are shared-secret mechanisms. They require passwords to be stored in cleartext. If the database is stolen all passwords are compromised. OTOH these mechanisms never send the password over the net. They are safe to use during transmission.

The safest way is to use plaintext mechanisms and shield the transport with a TLS encrypted session.

p(a)rick
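
The trade-off described in the reply above, as an added example that is not part of the original thread and not code from Postfix, Dovecot or Cyrus SASL. It builds a SASL PLAIN message (RFC 4616) and a CRAM-MD5 reply (RFC 2195), then shows that PLAIN decodes without any key while CRAM-MD5 cannot be verified against a one-way hashed password store. All function names and the sample user, password and challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac


def plain_message(authcid, password, authzid=""):
    """SASL PLAIN (RFC 4616): base64(authzid NUL authcid NUL password)."""
    raw = "\0".join((authzid, authcid, password)).encode()
    return base64.b64encode(raw).decode()


def decode_plain(blob):
    """Base64 is an encoding, not encryption: decoding needs no key."""
    authzid, authcid, password = base64.b64decode(blob).decode().split("\0")
    return authcid, password


def cram_md5_response(user, secret, challenge):
    """CRAM-MD5 client reply (RFC 2195): user + hex HMAC-MD5 of the challenge."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify_cram_md5(stored_secret, challenge, response):
    """Server check: recomputes the HMAC, so the stored value must be the
    secret the client keyed it with."""
    user, digest = base64.b64decode(response).decode().rsplit(" ", 1)
    expected = hmac.new(stored_secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def demo():
    # Constructed sample values, not taken from the thread.
    user, password = "jeff", "s3cret-example"
    challenge = "<1234.5678@mail.example.org>"
    reply = cram_md5_response(user, password, challenge)
    return {
        "plain_on_wire": plain_message(user, password),
        "plain_decoded": decode_plain(plain_message(user, password)),
        "password_in_cram_reply": password in base64.b64decode(reply).decode(),
        "verify_with_cleartext_store": verify_cram_md5(password, challenge, reply),
        "verify_with_hashed_store": verify_cram_md5(
            hashlib.sha256(password.encode()).hexdigest(), challenge, reply),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
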