Hi Michael,

What are the permissions on the socket that saslauthd is listening on?

On 01/30/2018 05:06 PM, Michael Rüger wrote:
Hi (btw. I was Guest39278 on IRC yesterday and got the chance to introduce myself on googletalk)

I'm trying to set up imapd to use saslauthd for authentication. I already have a running saslauthd which uses PAM. I can run this

root@cyrus3:/ # testsaslauthd -u mike -p mike
0: OK "Success."

and if I run

root@cyrus3:/ # testsaslauthd -u mike -p abc
0: NO "authentication failed"

I get that logged in auth.log like this

Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure: [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

In imapd.conf I have

sasl_pwcheck_method: saslauthd

Now I'm authenticating against imapd

root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
S: C01 OK Completed
C: A01 AUTHENTICATE SCRAM-SHA-1 bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 256

Nothing is reported in auth.conf

If I do this

root@cyrus3:~ # saslpasswd2 -c m...@cyrus3.intern.rueger.me
…<entering "mike" twice here>

root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
C: S01 STARTTLS
…
Authenticated.
Security strength factor: 256

it is working against local db BUT NOT against saslauthd.

How do I set up imapd to talk to saslauthd?

BTW I'm using

* cyrus-imapd30-3.0.5
* cyrus-sasl-2.1.26_13
* cyrus-sasl-saslauthd-2.1.26_3

on FreeBSD 11.1

Thank you for any help,
Mike

--
Ken Murchison
Cyrus Development Team
FastMail US LLC