Ken, thank you for jumping in! Some more info: the apps run as the following users and groups

root@cyrus3:~ # ps aux
USER    PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root  88686  0.0  0.0 10500 2044  -  SsJ  21:40   0:00.02 /usr/sbin/syslogd -s
root  88717  0.0  0.1 43928 4360  -  IsJ  21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
root  88718  0.0  0.1 43928 4360  -  IJ   21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
root  88720  0.0  0.1 43928 4276  -  IJ   21:40   0:00.00 /usr/local/sbin/saslauthd -a pam
root  88721  0.0  0.1 43928 4360  -  IJ   21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
root  88722  0.0  0.1 43928 4276  -  IJ   21:40   0:00.00 /usr/local/sbin/saslauthd -a pam
cyrus 88724  0.0  0.1 65504 5884  -  SsJ  21:40   0:00.07 /usr/local/cyrus/libexec/master -d
root@cyrus3:~ # su - cyrus
% id
uid=60(cyrus) gid=60(cyrus) groups=60(cyrus),1003(saslauth)

> On 30.01.2018 at 23:25, Michael Rüger <michael.g.rue...@gmail.com> wrote:
>
> root@cyrus3:~ # ls -la /var/run/saslauthd/
> total 13
> drwxr-x---  2 cyrus  saslauth   5 Jan 30 21:40 .
> drwxr-xr-x  6 root   wheel     15 Jan 30 21:40 ..
> srwxrwxrwx  1 root   saslauth   0 Jan 30 21:40 mux
> -rw-------  1 root   saslauth   0 Jan 30 21:40 mux.accept
> -rw-------  1 root   saslauth   6 Jan 30 21:40 saslauthd.pid
>
>> On 30.01.2018 at 23:23, Ken Murchison <mu...@fastmail.com> wrote:
>>
>> Hi Michael,
>>
>> What are the permissions on the socket that saslauthd is listening on?
>>
>>
>>
>> On 01/30/2018 05:06 PM, Michael Rüger wrote:
>>> Hi
>>>
>>> (btw. I was Guest39278 on IRC yesterday and got the chance to introduce
>>> myself on googletalk)
>>>
>>> I’m trying to set up imapd to use saslauthd for authentication.
>>>
>>> I already have a running saslauthd which uses PAM. I can run this
>>>
>>> root@cyrus3:/ # testsaslauthd -u mike -p mike
>>> 0: OK "Success.“
>>>
>>> and if I run
>>>
>>> root@cyrus3:/ # testsaslauthd -u mike -p abc
>>> 0: NO "authentication failed“
>>>
>>> I get that logged in auth.log like this
>>>
>>> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure:
>>> [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
>>>
>>> In imapd.conf I have
>>>
>>> sasl_pwcheck_method: saslauthd
>>>
>>> Now I authenticate against imapd
>>>
>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>>> cyrus3.intern.rueger.me Cyrus IMAP 3.0.5
>>> server ready
>>> C: S01 STARTTLS
>>> S: S01 OK Begin TLS negotiation now
>>> verify error:num=18:self signed certificate
>>> TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>>> (256/256 bits)
>>> C: C01 CAPABILITY
>>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
>>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
>>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
>>> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
>>> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
>>> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
>>> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
>>> URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM
>>> AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE
>>> X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>>> S: C01 OK Completed
>>> C: A01 AUTHENTICATE SCRAM-SHA-1
>>> bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
>>> S: A01 NO authentication failure
>>> Authentication failed. generic failure
>>> Security strength factor: 256
>>>
>>> Nothing is reported in auth.conf
>>>
>>> If I do this
>>>
>>> root@cyrus3:~ # saslpasswd2 -c m...@cyrus3.intern.rueger.me
>>> …<entering "mike" twice here>
>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>>> cyrus3.intern.rueger.me Cyrus IMAP 3.0.5
>>> server ready
>>> C: S01 STARTTLS
>>> …
>>> Authenticated.
>>> Security strength factor: 256
>>>
>>> it is working against local db BUT NOT against saslauthd.
>>>
>>> How do I set up imapd to talk to saslauthd?
>>>
>>> BTW I’m using
>>> * cyrus-imapd30-3.0.5
>>> * cyrus-sasl-2.1.26_13
>>> * cyrus-sasl-saslauthd-2.1.26_3
>>> on FreeBSD 11.1
>>>
>>> Thank you for any help,
>>> Mike
>>>
>>
>> --
>> Ken Murchison
>> Cyrus Development Team
>> FastMail US LLC
>
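Added example, not part of the original messages: a small Python check that answers Ken's socket-permission question from the `ls -la` and `id` output posted above. The function names are hypothetical, and it assumes an unprivileged account and classic mode bits only (no ACLs, no parent directories above the one listed).

```python
import re

# Output transcribed from the thread (host cyrus3).
LS_OUTPUT = """\
total 13
drwxr-x---  2 cyrus  saslauth   5 Jan 30 21:40 .
drwxr-xr-x  6 root   wheel     15 Jan 30 21:40 ..
srwxrwxrwx  1 root   saslauth   0 Jan 30 21:40 mux
-rw-------  1 root   saslauth   0 Jan 30 21:40 mux.accept
-rw-------  1 root   saslauth   6 Jan 30 21:40 saslauthd.pid
"""
ID_OUTPUT = "uid=60(cyrus) gid=60(cyrus) groups=60(cyrus),1003(saslauth)"

def parse_id(text):
    """Return (user name, set of group names) from `id` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", text).group(1)
    groups = set(re.findall(r"\d+\(([^)]+)\)", text.split("groups=", 1)[1]))
    groups.add(re.search(r"gid=\d+\(([^)]+)\)", text).group(1))
    return user, groups

def parse_ls(text):
    """Map entry name -> (10-char mode string, owner, group) from `ls -la` lines."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 9 and len(f[0]) >= 10:  # skips the "total" line
            entries[f[8]] = (f[0][:10], f[2], f[3])
    return entries

def allowed(entry, user, groups, bit):
    """POSIX rule: only the first matching class (owner, group, other) is consulted."""
    mode, owner, group = entry
    klass = 0 if user == owner else 3 if group in groups else 6
    ch = mode[klass + {"r": 1, "w": 2, "x": 3}[bit]]
    return ch == bit or (bit == "x" and ch in "st")  # s/t imply x is set

def can_connect(ls_text, id_text, sock="mux"):
    """connect() needs search (x) on the directory and write (w) on the socket."""
    user, groups = parse_id(id_text)
    entries = parse_ls(ls_text)
    return {"dir_search": allowed(entries["."], user, groups, "x"),
            "sock_write": allowed(entries[sock], user, groups, "w")}

if __name__ == "__main__":
    print("cyrus:", can_connect(LS_OUTPUT, ID_OUTPUT))
    # Constructed account outside the saslauth group, for contrast.
    print("other:", can_connect(LS_OUTPUT, "uid=1001(mike) gid=1001(mike) groups=1001(mike)"))
```

For the posted listing, the cyrus account passes both checks, while the constructed account outside saslauth is stopped by the 0750 directory even though the socket itself is mode 0777.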