Bug 995900 - Postfix should say authentication fails because the corresponding cyrus sasl module isn't installed
Postfix should say authentication fails because the corresponding cyrus sasl ...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: postfix (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jaroslav Škarvada
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-11 18:59 EDT by David Tonhofer
Modified: 2013-08-12 07:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-12 07:35:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Tonhofer 2013-08-11 18:59:41 EDT
Description of problem:
-----------------------

Probably needs to be kicked upstream.

Configure postfix to do STARTTLS + SASL password authentication. Anonyomous login is disallowed using "noanonymous"

It just doesn't work.

In the log:

Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: starting new SASL client
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: name_mask: noanonymous
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: smtp_sasl_authenticate: mail.your-server.de[78.46.5.205]:587: SASL mechanisms LOGIN PLAIN
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: warning: SASL authentication failure: No worthy mechs found

After some time it turns out that postfix/smtp does not find "worthy mechs" for plaintext login because....

$ yum install cyrus-sasl-plain

was not performed, i.e. the Cyrus SASL module was missing

Postfix should really say "I can't do it ... and these are the mechanisms currently known: ... maybe look at your cyrus sasl packages"

So that one gets a hint about what might be going wrong.

Version-Release
---------------

postfix-2.10.1-1.fc19.x86_64
Comment 1 Jaroslav Škarvada 2013-08-12 07:35:32 EDT
This is documented, http://www.postfix.org/SASL_README.html#client_sasl:

> This default policy, which allows no plaintext passwords, leads to
> authentication failures if the remote server only offers plaintext
> authentication mechanisms (the SMTP server announces "AUTH PLAIN LOGIN"). In
> such cases the SMTP client will log the following error message:
>
>    SASL authentication failure: No worthy mechs found
>
>    Note
>
>    This same error message will also be logged when the libplain.so or
> liblogin.so modules are not installed in the /usr/lib/sasl2 directory.

The libplain.so and liblogin.so are provided by 'cyrus-sasl-plain' package and this package is provided by 'standard' group which is required by most of the other groups.

This shouldn't happen in the default installation and it is also documented in the upstream documentation, thus it is not a bug, but RFE that should be addressed upstream.

Note You need to log in before you can comment on or make changes to this bug.