Hi,
Usually this has something to do with permissions. Are you able to read
/ write the saslauthd socket (as the cyrus user)?
Regards,
Matthijs
On 23/07/2023 15:09, [email protected] wrote:
Hello,
This is driving me insane. I suspect the answer is simple but I have
been going around in circles and I no longer have an idea of the
direction I'm facing.
I'm building a mailserver on Ubuntu 22.04, using cyrus-imapd 3.4.3,
cyrus-sasl2 2.1.27, postfix 3.6.4 and pam-mysql 0.8.1.
For these tests, I am running saslauthd in debug mode:
/usr/sbin/saslauthd -Vd -a pam -r -m /var/spool/postfix/var/run/saslauthd -n 5
I can authenticate with testsaslauthd:
testsaslauthd -u test -p test -r example.org -s imap -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."
The message from saslauthd is:
:auth success: [[email protected]] [service=imap]
[realm=example.org] [mech=pam]
This shows that saslauthd is correctly interpreting the -r option and
concatenating the user and realm.
However, if I use imtest, I get a very different result:
/usr/lib/cyrus/bin/imtest -a test -r example.org -w test
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN
SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2
server ready
C: A01 AUTHENTICATE PLAIN AHRlc3QAdGVzdA==
S: A01 NO authentication failure
Authentication failed. generic failure
saslauthd says:
:auth failure: [user=test] [service=imap] [realm=] [mech=pam]
[reason=PAM auth error]
If I get smart and try to include the domain in the username,
saslauthd sees my feeble attempt to outwit it, and laughs:
/usr/lib/cyrus/bin/imtest -a [email protected] -w test
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN
SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2
server ready
C: A01 AUTHENTICATE PLAIN AHRlc3RAYW50aW9jaGJpaS5vcmcudWsAdGVzdA==
S: A01 NO authentication failure
Authentication failed. generic failure
saslauthd says:
:auth failure: [user=test] [service=imap] *[realm=]* [mech=pam]
[reason=PAM auth error]
It would appear that saslauthd is not receiving the realm from the
imap server, no matter how the realm is presented to imtest.
In my imapd.conf, the relevant options are set:
defaultdomain: example.org
loginrealms: example.org
sasl_mech_list: LOGIN PLAIN
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
I'm at my wit's end, and I never had all that many wits to begin with.
Grateful for any assistance!
*Cyrus <https://cyrus.topicbox.com/latest>* / Info / see discussions
<https://cyrus.topicbox.com/groups/info> + participants
<https://cyrus.topicbox.com/groups/info/members> + delivery options
<https://cyrus.topicbox.com/groups/info/subscription> Permalink
<https://cyrus.topicbox.com/groups/info/T831b5707b642fe85-M12e88ee6bd2bf597673d7156>
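An added diagnostic example, not part of either message in the thread: it decodes the SASL PLAIN response that imtest sent and compares the identity in it with the fields saslauthd logged, to show on which side of imapd the realm goes missing. The second token, the function names and the `realm_lost` check are constructed for illustration.

```python
import base64
import re

# Token copied from the first imtest run in the thread.
THREAD_TOKEN = "AHRlc3QAdGVzdA=="
# Constructed sample: the same login with the realm in the username.
CONSTRUCTED_TOKEN = base64.b64encode(b"\x00test@example.org\x00test").decode()
# saslauthd debug line from the thread, re-joined onto one line.
SASLAUTHD_LINE = (":auth failure: [user=test] [service=imap] [realm=] "
                  "[mech=pam] [reason=PAM auth error]")

FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def decode_plain(token_b64):
    """Split a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(token_b64, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    user, _, realm = authcid.partition("@")
    # Report only the password length so the secret is not echoed again.
    return {"authzid": authzid, "authcid": authcid, "user": user,
            "realm": realm, "password_len": len(passwd)}


def parse_saslauthd(line):
    """Turn the [key=value] fields of a saslauthd debug line into a dict."""
    return dict(FIELD.findall(line))


def realm_lost(token_b64, log_line):
    """True when the client sent a realm but saslauthd logged an empty one."""
    sent = decode_plain(token_b64)
    seen = parse_saslauthd(log_line)
    return bool(sent["realm"]) and not seen.get("realm")


if __name__ == "__main__":
    for name, tok in (("thread", THREAD_TOKEN), ("constructed", CONSTRUCTED_TOKEN)):
        print(name, decode_plain(tok), "realm lost:", realm_lost(tok, SASLAUTHD_LINE))
```

Decoding the first token from the thread gives user `test` with an empty realm part, so in that run the realm was never inside the PLAIN response itself. The base64 argument to AUTHENTICATE PLAIN is an encoding only, so a pasted trace carries the password in recoverable form.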