DaveQB's Rambles

I had what seemed randability in being able to login remotely using SSH and public rsa keys. It didn't seem to make sense, but some accounts on some SSH servers would work and others wouldn't. I finally noticed this in the logs on a server: So i ran: So then ran: And now all workies!!! YAY!!

Haven't read it all yet, but looks interesting. http://www.tomergabel.com/Getting+Used+To+OpenOfficeorg.aspx

Well setting up Postfix to allow users to send mail external to your network by simply authenticating like they do to retrieve mail has been a much harder system to setup then one can imagine and then it should be. Well it seems this time around it didnt take me a whole night (yes last time it took me 7 hours, an all nighter to get it going). What i did was quite simply follow this links tutorial on it, except i used binary packages rather then compiling from source. http://www.informit.com/articles/article.asp?p=24672&seqNum=4 Also follow the the readme that comes with the package, located at: /usr/share/doc/postfix-2.1.5/html/SASL_README.html What i did was:

1. Added to main.cf:
   • smtpd_sasl_auth_enable = yes
   • smtpd_sasl_path = smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
   • smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated (+ current options like check_relay_domains )
   • smtpd_sasl_application_name = smtpd
   • smtpd_sasl_local_domain = $myhostname
2. Added to /etc/postfix/sasl/smtpd.conf:
   • pwcheck_method: saslauthd
   • saslauthd_path: /var/lib/sasl2/mux
   • mech_list: plain login (saslauthd can only support these too :( )
3. started saslauthd like so: "saslauthd -m /var/lib/sasl2/ -a pam"

Make sure to also install the plain and login libraries. I needed packages libsasl2-plug-plain and libsasl2-plug-login. Hope that helps someone in the future, most likely me :)

I have learnt this before, but have since forgotten and thus need to blog this one. To access MySQL locally you need a user that has local access allowed. To then access this same MySQL server remotely with the same user name, you need to in fact create a new user with access from the specified network, or simple from any "Host". If you simply change the one and only user name to allow from any and thats it, then your in turn blocking the account from remote AND local access. I am guessing its a compiled in security feature that could possibly be disabled at the --configure part of the compile but I dont want to recompile the whole server.