Wilson, Dave wrote:
saslauthd is running as root. However, I have passwords in /etc/shadow. Will it not work this way?
It will, but you need to use the '-a shadow' rather than '-a getpwent'.
-----Original Message----- From: Ken Murchison [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 11:06 AM To: Wilson, Dave Cc: [EMAIL PROTECTED] Subject: Re: Cyrus sasl authentication problem
Wilson, Dave wrote:
./saslauthd -a getpwent -d
saslauthd[6583] :main : num_procs : 5
saslauthd[6583] :main : mech_option: NULL
saslauthd[6583] :main : run_path : /var/state/saslauthd
saslauthd[6583] :main : auth_mech : getpwent
saslauthd[6583] :ipc_init : using accept lock file:
/var/state/saslauthd/mux.accept
saslauthd[6583] :detach_tty : master pid is: 0
saslauthd[6583] :ipc_init : listening on socket:
/var/state/saslauthd/mux
saslauthd[6583] :main : using process model
saslauthd[6583] :have_baby : forked child: 6584
saslauthd[6583] :have_baby : forked child: 6585
saslauthd[6583] :have_baby : forked child: 6586
saslauthd[6583] :have_baby : forked child: 6587
saslauthd[6583] :get_accept_lock : acquired accept lock
saslauthd[6583] :rel_accept_lock : released accept lock
saslauthd[6584] :get_accept_lock : acquired accept lock
saslauthd[6583] :do_auth : auth failure: [user=pcs]
[service=imap] [realm=] [mech=getpwent]
[reason=Unknown] saslauthd[6583] :do_request : response: NO
I assume that you are running saslauthd as root, that /etc/passwd is readable by root and that you actually have passwords in /etc/passwd (as opposed to /etc/shadow)?
-----Original Message----- From: Ken Murchison [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 10:45 AM To: Wilson, Dave Cc: [EMAIL PROTECTED] Subject: Re: Cyrus sasl authentication problem
Wilson, Dave wrote:
This didn't work either:
What does the SASL debug log look like?
./imtest -m login -a pcs localhost
S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_
RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMOR
E IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN pcs {3} S: + go ahead C: <omitted> S: L01 NO Login failed: no mechanism available Authentication failed. generic failure Security strength factor: 0
This is my imapd.conf:
configdirectory: /u01/imap partition-default: /u01/spool/imap admins: pcs root sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowplaintext: 1 defaultdomain: pactolus imapidlepoll: 15
I have saslauthd running: ./saslauthd -a getpwent
Any other ideas?
Dave
-----Original Message----- From: Ken Murchison [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 9:53 AM To: Wilson, Dave Cc: '[EMAIL PROTECTED]' Subject: Re: Cyrus sasl authentication problem
Wilson, Dave wrote:
I'm using Cyrus with sasl, using auth method getpwent:
./saslauthd -d -a getpwent
I then use imtest:
./imtest -m login -u pcs localhost
This should be:
./imtest -m login -a pcs localhost
S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_
RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMOR E IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed Please enter your password: C: L01 LOGIN root {3} S: + go ahead C: <omitted> S: L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0
The debug log from sasl is:
saslauthd[5293] :main : num_procs : 5
saslauthd[5293] :main : mech_option: NULL
saslauthd[5293] :main : run_path :
/var/state/saslauthd
saslauthd[5293] :main : auth_mech : getpwent
saslauthd[5293] :ipc_init : using accept lock file:
/var/state/saslauthd/mux.accept
saslauthd[5293] :detach_tty : master pid is: 0
saslauthd[5293] :ipc_init : listening on socket:
/var/state/saslauthd/mux
saslauthd[5293] :main : using process model
saslauthd[5293] :have_baby : forked child: 5294
saslauthd[5293] :have_baby : forked child: 5295
saslauthd[5293] :have_baby : forked child: 5296
saslauthd[5293] :have_baby : forked child: 5297
saslauthd[5293] :get_accept_lock : acquired accept lock
saslauthd[5293] :rel_accept_lock : released accept lock
saslauthd[5294] :get_accept_lock : acquired accept lock
saslauthd[5293] :do_auth : auth failure:
[user=root] [service=imap]
[realm=] [mech=getpwent]
[reason=Unknown]
saslauthd[5293] :do_request : response: NO
saslauthd[5294] :rel_accept_lock : released accept lock
saslauthd[5295] :get_accept_lock : acquired accept lock
saslauthd[5294] :do_auth : auth failure:
[user=root] [service=imap]
[realm=] [mech=getpwent] [reason=Unknown] saslauthd[5294] :do_request : response: NO
Why does this have user=root? More generally, why is the
authentication
failing?
Thanks Dave
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info:
http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
