Now I can use saslauthd. But only if I login with secure authentication.
I did this:
apt-get install libsasl-digestmd5-plain
which removed libsasl-digestmd5-des

#sasl_mech_list: PLAIN (disabled)
sasl_sql_engine: mysql
sasl_sql_hostname: localhost
sasl_sql_user: xxx
sasl_sql_passwd: xxx
sasl_sql_database: cyrus
sasl_sql_verbose: true
sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u'
sasl_sql_insert: INSERT INTO accountuser (domain_name, username, password) VALUES ('%r', '%u', '%v')
sasl_sql_update: UPDATE accountuser SET password = '%v' WHERE username = '%u'

/etc/init.d/cyrus21 restart

imtest now shows AUTH possibilities:
# imtest -a cyrus -p imap localhost -v
S: * OK debpro Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
The problem is that now I can not use squirrelmail.
And I don't see pam using the log as it should in MySQL. Also it only works when I have sasl_sql_ settings so I guess the problem is with pam/saslauthd
Any ideas?
/Jacob
Jacob Friis Larsen wrote:
I am trying to make cyrus authenticate via saslauthd.
The problem is that when using "sasl_pwcheck_method: saslauthd" I get "generic failure: checkpass failed".
If I use "sasl_pwcheck_method: auxprop" it's working.
Since I only see SQL queries in /var/log/mysql/mysql.log when using auxprop I guess that the problem is between cyrus, saslauthd and/or pam.
The system is running Debian stable/testing. Cyrus is cyrus21-imapd (2.1.16-6)
I have read all guides and searched Google. Below is info you might need. Please help.
Aug 12 11:53:37 debpro cyrus/imapd[32568]: badlogin: debpro[127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass failed
# imtest -a cyrus -m login -p imap localhost
S: * OK debpro Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {5}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthd[31589] :main : num_procs : 0
saslauthd[31589] :main : mech_option: NULL
saslauthd[31589] :main : run_path : /var/run/saslauthd
saslauthd[31589] :main : auth_mech : pam
saslauthd[31589] :cache_alloc_mm : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
saslauthd[31589] :cache_init : bucket size: 92 bytes
saslauthd[31589] :cache_init : stats size : 36 bytes
saslauthd[31589] :cache_init : timeout : 28800 seconds
saslauthd[31589] :cache_init : cache table: 944764 total bytes
saslauthd[31589] :cache_init : cache table: 1711 slots
saslauthd[31589] :cache_init : cache table: 10266 buckets
saslauthd[31589] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock
saslauthd[31589] :detach_tty : master pid is: 0
saslauthd[31589] :ipc_init : listening on socket: /var/run/saslauthd/mux
# dpkg-statoverride --list /etc/sasldb2
cyrus sasl 660 /etc/sasldb2
# dpkg-statoverride --list /var/run/saslauthd
cyrus sasl 710 /var/run/saslauthd
# less /etc/group | grep cyrus
sasl:*:45:cyrus
# sasltestsuite
NOTE:
-For KERBEROS_V4 must be able to read srvtab file (usually /etc/srvtab)
-For GSSAPI must be able to read srvtab (/etc/krb5.keytab)
-For both KERBEROS_V4 and GSSAPI you must have non-expired tickets
-For OTP (w/OPIE) must be able to read/write opiekeys (/etc/opiekeys)
-For OTP you must have a non-expired secret
-Must be able to read sasldb, which needs to be setup with a. username and a password (see top of testsuite.c)
Checking plaintext passwords... Failed with: sasl_checkpass() failed on simple case
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html