Struggled with enabling local6. The trick was to touch the new syslog output file before restarting syslog with this new line
local6.*      /var/log/local6

root@cyrus3:/var/log # cat local6
Jan 30 22:59:51 cyrus3 imap[90156]: accepted connection
Jan 30 22:59:51 cyrus3 imap[90156]: accepted connection
Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete -> wait
Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete -> wait
Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded -> done
Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded -> done
Jan 30 22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jan 30 22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db
Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db
Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db
Jan 30 22:59:51 cyrus3 imap[90156]: SASL unable to canonify user and get auxprops
Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db
Jan 30 22:59:51 cyrus3 imap[90156]: SASL unable to canonify user and get auxprops
Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]

> On 30.01.2018 at 23:41, Ken Murchison <mu...@fastmail.com> wrote:
>
> Hmm.
>
> I just switched my dev box to using saslauthd and it just worked. I'm sure
> your problem is something simple, but it's escaping me at the moment.
> When imtest fails, what is logged in the Cyrus IMAP log (wherever local6 is
> logged)
>
>
>
> On 01/30/2018 05:34 PM, Michael Rüger wrote:
>> Ken, thank you for jumping in!
>>
>> Some more info: the apps run as the following users and groups
>>
>> root@cyrus3:~ # ps aux
>> USER    PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
>> root  88686  0.0  0.0 10500 2044  -  SsJ  21:40   0:00.02 /usr/sbin/syslogd -s
>> root  88717  0.0  0.1 43928 4360  -  IsJ  21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
>> root  88718  0.0  0.1 43928 4360  -  IJ   21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
>> root  88720  0.0  0.1 43928 4276  -  IJ   21:40   0:00.00 /usr/local/sbin/saslauthd -a pam
>> root  88721  0.0  0.1 43928 4360  -  IJ   21:40   0:00.01 /usr/local/sbin/saslauthd -a pam
>> root  88722  0.0  0.1 43928 4276  -  IJ   21:40   0:00.00 /usr/local/sbin/saslauthd -a pam
>> cyrus 88724  0.0  0.1 65504 5884  -  SsJ  21:40   0:00.07 /usr/local/cyrus/libexec/master -d
>>
>> root@cyrus3:~ # su - cyrus
>> % id
>> uid=60(cyrus) gid=60(cyrus) groups=60(cyrus),1003(saslauth)
>>
>>
>>> On 30.01.2018 at 23:25, Michael Rüger <michael.g.rue...@gmail.com
>>> <mailto:michael.g.rue...@gmail.com>> wrote:
>>>
>>> root@cyrus3:~ # ls -la /var/run/saslauthd/
>>> total 13
>>> drwxr-x---  2 cyrus  saslauth   5 Jan 30 21:40 .
>>> drwxr-xr-x  6 root   wheel     15 Jan 30 21:40 ..
>>> srwxrwxrwx  1 root   saslauth   0 Jan 30 21:40 mux
>>> -rw-------  1 root   saslauth   0 Jan 30 21:40 mux.accept
>>> -rw-------  1 root   saslauth   6 Jan 30 21:40 saslauthd.pid
>>>
>>>> On 30.01.2018 at 23:23, Ken Murchison <mu...@fastmail.com
>>>> <mailto:mu...@fastmail.com>> wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> What are the permissions on the socket that saslauthd is listening on?
>>>>
>>>>
>>>>
>>>> On 01/30/2018 05:06 PM, Michael Rüger wrote:
>>>>> Hi
>>>>>
>>>>> (btw. i was Guest39278 on IRC yesterday and got the chance to introduce
>>>>> myself on googletalk)
>>>>>
>>>>> I’m trying to set up imapd to use saslauthd for authentication.
>>>>>
>>>>> I have already a running saslauthd which uses PAM.
>>>>> I can run this
>>>>>
>>>>> root@cyrus3:/ # testsaslauthd -u mike -p mike
>>>>> 0: OK "Success."
>>>>>
>>>>> and if i run
>>>>>
>>>>> root@cyrus3:/ # testsaslauthd -u mike -p abc
>>>>> 0: NO "authentication failed"
>>>>>
>>>>> i get that logged in auth.log like this
>>>>>
>>>>> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure:
>>>>> [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
>>>>>
>>>>> In imapd.conf i have
>>>>>
>>>>> sasl_pwcheck_method: saslauthd
>>>>>
>>>>> Now i’m authenticating against imapd
>>>>>
>>>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>>>>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>>>>> cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP
>>>>> 3.0.5 server ready
>>>>> C: S01 STARTTLS
>>>>> S: S01 OK Begin TLS negotiation now
>>>>> verify error:num=18:self signed certificate
>>>>> TLS connection established: TLSv1.2 with cipher
>>>>> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>>>>> C: C01 CAPABILITY
>>>>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
>>>>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
>>>>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT
>>>>> SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES
>>>>> THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED
>>>>> LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE
>>>>> MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
>>>>> URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM
>>>>> AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE
>>>>> X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>>>>> S: C01 OK Completed
>>>>> C: A01 AUTHENTICATE SCRAM-SHA-1
>>>>> bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
>>>>> S: A01 NO authentication failure
>>>>> Authentication failed. generic failure
>>>>> Security strength factor: 256
>>>>>
>>>>> Nothing is reported in auth.conf
>>>>>
>>>>> If i do this
>>>>>
>>>>> root@cyrus3:~ # saslpasswd2 -c m...@cyrus3.intern.rueger.me
>>>>> <mailto:m...@cyrus3.intern.rueger.me>
>>>>> …<entering „mike“ twice here>
>>>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>>>>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>>>>> cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP
>>>>> 3.0.5 server ready
>>>>> C: S01 STARTTLS
>>>>> …
>>>>> Authenticated.
>>>>> Security strength factor: 256
>>>>>
>>>>> it is working against local db BUT NOT against saslauthd.
>>>>>
>>>>> How do i setup imapd to talk to saslauthd?
>>>>>
>>>>> BTW i’m using
>>>>> * cyrus-imapd30-3.0.5
>>>>> * cyrus-sasl-2.1.26_13
>>>>> * cyrus-sasl-saslauthd-2.1.26_3
>>>>> on FreeBSD 11.1
>>>>>
>>>>> Thank you for any help,
>>>>> Mike
>>>>>
>>>>
>>>> --
>>>> Ken Murchison
>>>> Cyrus Development Team
>>>> FastMail US LLC
>>>> <murch.vcf>
>>>
>>
>
> --
> Ken Murchison
> Cyrus Development Team
> FastMail US LLC
> <murch.vcf>
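
Added example, not part of the thread: a parser for the Cyrus `badlogin:` lines shown in the local6 excerpt, which collapses the doubled syslog entries and records which credential store the failing mechanism is checked against. The mechanism sets, the `checked_by` field and the last sample line are assumptions introduced here; the mapping reflects that saslauthd can only verify a plaintext password, while SCRAM-SHA-1, DIGEST-MD5 and CRAM-MD5 need a stored secret from an auxprop plugin such as sasldb.

```python
import re
from collections import Counter

# Assumption (Cyrus SASL behaviour, not stated in the thread): these mechanisms
# need the stored secret from an auxprop plugin; saslauthd (a pwcheck method)
# is only consulted for plaintext mechanisms.
AUXPROP_MECHS = {"SCRAM-SHA-1", "DIGEST-MD5", "CRAM-MD5"}
PWCHECK_MECHS = {"PLAIN", "LOGIN"}

BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<svc>\w+)\[(?P<pid>\d+)\]: "
    r"badlogin: (?:\S+ )?\[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<reason>.*)\]$"
)

# First three lines are taken from the local6 excerpt above (logged twice
# there); the last line is constructed to show the plaintext path.
SAMPLE = """\
Jan 30 22:59:51 cyrus3 imap[90156]: SASL unable to canonify user and get auxprops
Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Jan 30 23:05:12 cyrus3 imap[90201]: badlogin: [192.168.178.210] PLAIN [SASL(-13): authentication failure: Password verification failed]
"""

def parse_badlogins(text):
    """Return badlogin events, collapsing consecutive identical syslog lines."""
    events, previous = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        duplicate, previous = (line == previous), line
        m = BADLOGIN.match(line)
        if duplicate or not m:
            continue
        ev = m.groupdict()
        ev["code"] = int(ev["code"])
        mech = ev["mech"].upper()
        # Which credential store the server consults for this mechanism.
        ev["checked_by"] = ("auxprop" if mech in AUXPROP_MECHS
                            else "pwcheck" if mech in PWCHECK_MECHS else "other")
        events.append(ev)
    return events

def failures_by_source(events):
    """Count failed logins per (client IP, mechanism), e.g. for alert thresholds."""
    return Counter((e["ip"], e["mech"]) for e in events)

if __name__ == "__main__":
    for e in parse_badlogins(SAMPLE):
        print(e["ts"], e["ip"], e["mech"], e["code"], e["checked_by"])
```
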