基于LDAP的邮件验证

背景：

基于LDAP的邮件验证

1>
# postconf -n |grep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot

# vim /etc/dovecot.conf
socket listen {
    #master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      #path = /var/run/dovecot/auth-master
      #mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      #user =
      #group =
    #}
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
# less /usr/share/doc/postfix-2.3.3/README_FILES/SASL_README

perl -MMIME::Base64 -e         'print encode_base64("username\0username\0password");'
 perl -MMIME::Base64 -e 'print encode_base64("\0psir\@extmail.org\0f");'
AHBzaXJAZXh0bWFpbC5vcmcAZg==

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 desktop92.example.com ESMTP Postfix
auth plain AHBzaXJAZXh0bWFpbC5vcmcAZg==
235 2.0.0 Authentication successful

2>
/usr/share/doc/cyrus-sasl-2.1.22
# cat /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list:plain login
saslauthd_path:/var/run/saslauthd/mux

# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap   //将pam验证改成ldap验证

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=

# cat /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1/
ldap_auth_method: bind
ldap_bind_dn: cn=Manager,dc=extmail.org
ldap_bind_pw: westos
ldap_filter:(&(objectClass=extmailUser)(mail=%U@%d))
ldap_base: dc=extmail.org
ldap_search_base: o=extmailAccount,dc=extmail.org

# /etc/init.d/saslauthd restart
# testsaslauthd -u psir@extmail.org -p f
0: OK "Success."
#perl -MMIME::Base64 -e 'print encode_base64("\0psir\@extmail.org\0f");'
AHBzaXJAZXh0bWFpbC5vcmcAZg==
还可以使用telnet来测试
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 desktop92.example.com ESMTP Postfix
auth plain AHBzaXJAZXh0bWFpbC5vcmcAZg==
235 2.0.0 Authentication successful

Samba 企业应用案例分享

[LNMP]RHEL 6.0+Nginx 1.0.2+MySQL 5.5.12+PHP 5.3.6

相关资讯       ldap 

本文评论 　　查看全部评论 (0)

评论声明

尊重网上道德，遵守中华人民共和国的各项有关法律法规

承担一切因您的行为而直接或间接导致的民事或刑事法律责任

本站管理人员有权保留或删除其管辖留言中的任意内容

本站有权在网站内转载或引用您的评论

参与本评论即表明您已经阅读并接受上述条款

最新资讯