On Monday, 10 May 2004 17:33, Eric B. wrote:

> > > I am following the Postfix-Cyrus-Web-cyradm-HOWTO. My command line is the
> > > following:
> > > > saslpasswd2 -c cyrus
> > > > Password: secret
> > > > Again (for verification): secret
> >
> > Here you create a user in /etc/sasldb2...
> >
> > > When I try to connect with cyradm:
> > > > cyradm --user cyrus --server localhost --auth plain
> > > > Password: secret
> > > > IMAP Password: secret
> > >
> > > I get the following errors in my /var/log/auth.log:
> > >
> > > May 10 00:47:21 linuxmail perl: No worthy mechs found
> > > May 10 00:52:01 linuxmail imap(pam_unix)[31961]: authentication
> > > failure; logname= uid=0 euid=0 tty= ruser= rhost= user=cyrus
> > > May 10 00:52:01 linuxmail saslauthd[31961]: pam_sm_authenticate called.
> >
> > ... but you are using saslauthd. These are two different storages.
>
> Ahhh - I thought they were using the same storage db, but were two
> different ways of accessing it. What authentication process uses the
> /etc/sasldb2?

The Cyrus-SASL-Library uses the auxprop-plugin sasldb and this one does the handling of /etc/sasldb2.

> > If your passwords are unencrypted in a mysql-db, you should use the
> > sql-auxprop-plugin. In your plugin-dir should be a libsql.so*-Plugin. The
> > available options are described in ./doc/options.html
>
> Indeed I have a libsql.so* in my /usr/lib/sasl2 directory. (defined as my
> plugin directory). I've read through the options.html document, but am not
> sure where I need to specify the sql-auxprop-plugin. Does that go in the
> /usr/lib/sasl2/smptd.conf file? In a /usr/lib/sasl2/imapd.conf file? How
> exactly should it go in? Is my conf file just the following:

Depends on the application which you want to configure. Cyrus Imap uses /etc/imapd.conf, Postfix $plugindir/smtpd.conf. Cyrus-Imapd uses "sasl_" as prefix for all sasl-options. So this one must be:

> pwcheck_method: auxprop
> auxprop_plugin: sql

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_mech_list: plain login cram-md5 digest-md5
sasl_sql_engine: mysql
sasl_sql_hostnames: localhost
sasl_sql_user: mail
sasl_sql_passwd: secret
sasl_sql_database: mail
sasl_sql_select: select password from accountuser where username = '%u'

> My /etc/pam.d/imapd:
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
>
> auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail
> table=accountuser usercolumn=username passwdcolumn=password crypt=0
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
> account required pam_mysql.so user=mail passwd=secret host=localhost
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time

> If I change the pwcheck_method to auxprop, does that mean it no longer uses
> saslauthd? Is there any way to use saslauthd with non-encrypted p/ws?
> Where does saslauthd retrieve its username/passwd information from?

a.) Yes. Or you set:

pwcheck_method: auxprop saslauthd

Then both will be used.

b.) Yes. In case of pam_mysql there is an option "crypt=0". It is set in your example above!?

c.) The application receives the credentials from the client over the line. These will be passed to the Cyrus-SASL-Library. It will be decoded and then sent to saslauthd, which asks its backend (pam_mysql for example) if the user/password is correct. And this answer is sent back to the application.

--
Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
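
An added example, not part of the original message and not Cyrus code: a small Python check of the prefix rule from the reply above (Cyrus imapd reads SASL options from /etc/imapd.conf with a `sasl_` prefix, Postfix reads them bare from smtpd.conf). The function names and sample configs are constructed for illustration; the CRAM-MD5/DIGEST-MD5 check goes one step beyond the thread and assumes the known behaviour that saslauthd only verifies plaintext passwords.

```python
# Added example: lint SASL options for the application that reads the file.
SASL_KEYS = {"pwcheck_method", "auxprop_plugin", "mech_list", "sql_engine",
             "sql_hostnames", "sql_user", "sql_passwd", "sql_database", "sql_select"}
SECRET_MECHS = {"cram-md5", "digest-md5"}  # need the stored secret, i.e. auxprop

def parse_conf(text):
    """Parse 'key: value' lines; blank lines and # comments are skipped."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            opts[key.strip().lower()] = value.strip()
    return opts

def check_conf(text, app):
    """Return (effective, findings) for app 'imapd' (sasl_ prefix) or 'smtpd' (none)."""
    prefix = "sasl_" if app == "imapd" else ""
    effective, findings = {}, []
    for key, value in parse_conf(text).items():
        bare = key[5:] if key.startswith("sasl_") else key
        if bare not in SASL_KEYS:
            continue  # not a SASL option this sketch knows about
        if key == prefix + bare:
            effective[bare] = value
        else:
            findings.append(f"{key}: not read by {app}, use {prefix}{bare}")
    methods = effective.get("pwcheck_method", "").split()
    mechs = set(effective.get("mech_list", "").lower().split())
    if not methods:
        findings.append("pwcheck_method is not set for this application")
    elif "auxprop" not in methods and mechs & SECRET_MECHS:
        bad = ", ".join(sorted(mechs & SECRET_MECHS))
        findings.append(f"{bad} offered but only {methods} verifies passwords")
    return effective, findings

# Constructed inputs: the unprefixed attempt and the corrected form from the thread.
UNPREFIXED = "pwcheck_method: auxprop\nauxprop_plugin: sql\n"
CORRECTED = """sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_mech_list: plain login cram-md5 digest-md5
sasl_sql_engine: mysql
sasl_sql_select: select password from accountuser where username = '%u'
"""

if __name__ == "__main__":
    for name, conf in (("unprefixed", UNPREFIXED), ("corrected", CORRECTED)):
        print(name, check_conf(conf, "imapd")[1])
```

Run against the unprefixed lines as an imapd.conf, it reports both options as unread and the password check as unset; the same lines pass when checked as a Postfix smtpd.conf.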