Hmm. I just switched my dev box to using saslauthd and it just worked. I'm sure your problem is something simple, but it's escaping me at the moment.
When imtest fails, what is logged in the Cyrus IMAP log (wherever local6 is logged)?
On 01/30/2018 05:34 PM, Michael Rüger wrote:
Ken, thank you for jumping in!

Some more info: the apps run as the following users and groups

root@cyrus3:~ # ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 88686 0.0 0.0 10500 2044 - SsJ 21:40 0:00.02 /usr/sbin/syslogd -s
root 88717 0.0 0.1 43928 4360 - IsJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88718 0.0 0.1 43928 4360 - IJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88720 0.0 0.1 43928 4276 - IJ 21:40 0:00.00 /usr/local/sbin/saslauthd -a pam
root 88721 0.0 0.1 43928 4360 - IJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88722 0.0 0.1 43928 4276 - IJ 21:40 0:00.00 /usr/local/sbin/saslauthd -a pam
cyrus 88724 0.0 0.1 65504 5884 - SsJ 21:40 0:00.07 /usr/local/cyrus/libexec/master -d
root@cyrus3:~ # su - cyrus
% id
uid=60(cyrus) gid=60(cyrus) groups=60(cyrus),1003(saslauth)

On 30.01.2018 at 23:25, Michael Rüger <michael.g.rue...@gmail.com> wrote:

root@cyrus3:~ # ls -la /var/run/saslauthd/
total 13
drwxr-x--- 2 cyrus saslauth 5 Jan 30 21:40 .
drwxr-xr-x 6 root wheel 15 Jan 30 21:40 ..
srwxrwxrwx 1 root saslauth 0 Jan 30 21:40 mux
-rw------- 1 root saslauth 0 Jan 30 21:40 mux.accept
-rw------- 1 root saslauth 6 Jan 30 21:40 saslauthd.pid

On 30.01.2018 at 23:23, Ken Murchison <mu...@fastmail.com> wrote:

Hi Michael,

What are the permissions on the socket that saslauthd is listening on?

On 01/30/2018 05:06 PM, Michael Rüger wrote:

Hi

(btw. I was Guest39278 on IRC yesterday and got the chance to introduce myself on googletalk)

I’m trying to set up imapd to use saslauthd for authentication. I already have a running saslauthd which uses PAM.

I can run this

root@cyrus3:/ # testsaslauthd -u mike -p mike
0: OK "Success."

and if I run

root@cyrus3:/ # testsaslauthd -u mike -p abc
0: NO "authentication failed"

I get that logged in auth.log like this

Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure: [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

In imapd.conf I have

sasl_pwcheck_method: saslauthd

Now I authenticate against imapd

root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
S: C01 OK Completed
C: A01 AUTHENTICATE SCRAM-SHA-1 bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 256

Nothing is reported in auth.conf

If I do this

root@cyrus3:~ # saslpasswd2 -c m...@cyrus3.intern.rueger.me
…<entering „mike“ twice here>
root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
C: S01 STARTTLS
…
Authenticated.
Security strength factor: 256

it is working against local db BUT NOT against saslauthd.

How do I set up imapd to talk to saslauthd?

BTW I’m using

* cyrus-imapd30-3.0.5
* cyrus-sasl-2.1.26_13
* cyrus-sasl-saslauthd-2.1.26_3

on FreeBSD 11.1

Thank you for any help,
Mike

--
Ken Murchison
Cyrus Development Team
FastMail US LLC
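An added example, not part of the thread or of Cyrus itself: a small checker for imtest transcripts like the one quoted above. It reports which SASL mechanism the client actually used and whether that mechanism can be verified through saslauthd. It assumes the documented Cyrus SASL behaviour that saslauthd only checks plaintext passwords (PLAIN, LOGIN), while SCRAM, DIGEST-MD5, CRAM-MD5 and NTLM rely on a stored secret such as sasldb. The function name, its `pwcheck_method` parameter and the shortened sample session are constructed for illustration.

```python
import re

# Mechanisms that deliver the password itself to the server (inside TLS),
# so the server can pass it to saslauthd for verification.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# Challenge-response mechanisms: the server needs a stored secret
# (auxprop, e.g. sasldb) and has no password to forward to saslauthd.
SHARED_SECRET_MECHS = {"SCRAM-SHA-1", "DIGEST-MD5", "CRAM-MD5", "NTLM"}

# Constructed sample, shortened from the imtest session in the thread.
SAMPLE = """\
S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] Cyrus IMAP 3.0.5 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE SCRAM-SHA-1 <initial-response>
S: A01 NO authentication failure
"""

def analyze(transcript, pwcheck_method="saslauthd"):
    """Summarise the SASL exchange in an imtest transcript (hypothetical helper)."""
    offered, used, result, tag = [], None, None, None
    for line in transcript.splitlines():
        side, _, rest = line.partition(": ")
        if side == "S" and "CAPABILITY" in rest:
            # The last capability list wins (the post-STARTTLS one).
            # \b keeps URLAUTH=BINARY from being read as a mechanism.
            offered = re.findall(r"\bAUTH=([A-Z0-9-]+)", rest)
        auth = re.match(r"(\S+) AUTHENTICATE (\S+)", rest)
        if side == "C" and auth:
            tag, used = auth.group(1), auth.group(2).upper()
        elif side == "S" and tag and rest.startswith(tag + " "):
            result = rest.split()[1]  # OK / NO / BAD for the tagged command
    return {
        "offered": offered,
        "used": used,
        "result": result,
        "saslauthd_capable": [m for m in offered if m in PLAINTEXT_MECHS],
        # True when the chosen mechanism can never reach saslauthd.
        "bypasses_saslauthd": pwcheck_method == "saslauthd"
                              and used in SHARED_SECRET_MECHS,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

When `bypasses_saslauthd` is true, a failed login says nothing about saslauthd itself; repeating the test with a plaintext mechanism over TLS (for example `imtest -m plain`) exercises the saslauthd path.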