Hello, This is driving me insane. I suspect the answer is simple but I have been going around in circles and I no longer have an idea of the direction I'm facing.
I'm building a mailserver on Ubuntu 22.04, using cyrus-imapd 3.4.3, cyrus-sasl2 2.1.27, postfix 3.6.4 and pam-mysql 0.8.1 For these tests, I am running saslauthd in debug mode: /usr/sbin/saslauthd -Vd -a pam -r -m /var/spool/postfix/var/run/saslauthd -n 5 I can authenticate with testsaslauthd: testsaslauthd -u test -p test -r example.org -s imap -f /var/spool/postfix/var/run/saslauthd/mux 0: OK "Success." The message from saslauthd is: :auth success: [[email protected]] [service=imap] [realm=example.org] [mech=pam] This shows that saslauthd is correctly interpreting the -r option and concatenating the user and realm. However, if I use imtest, I get a very different result: /usr/lib/cyrus/bin/imtest -a test -r example.org -w test S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server ready C: A01 AUTHENTICATE PLAIN AHRlc3QAdGVzdA== S: A01 NO authentication failure Authentication failed. generic failure saslauthd says: :auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] If I get smart and try to include the domain in the username, saslauthd sees my feeble attempt to outwit it, and laughs: /usr/lib/cyrus/bin/imtest -a [email protected] -w test S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server ready C: A01 AUTHENTICATE PLAIN AHRlc3RAYW50aW9jaGJpaS5vcmcudWsAdGVzdA== S: A01 NO authentication failure Authentication failed. generic failure saslauthd says: :auth failure: [user=test] [service=imap] *[realm=]* [mech=pam] [reason=PAM auth error] It would appear that saslauthd is not receiving the realm from the imap server, no matter how the realm is presented to imtest. In my imapd.conf, the relevant options are set: defaultdomain: example.org loginrealms: example.org sasl_mech_list: LOGIN PLAIN sasl_pwcheck_method: saslauthd sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux I'm at my wit's end, and I never had all that many wits to begin with. Grateful for any assistance! ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T831b5707b642fe85-M12e88ee6bd2bf597673d7156 Delivery options: https://cyrus.topicbox.com/groups/info/subscription
