Dan,
You nailed it. Mere presence of sasldb plugin makes it work.
The code doesn't look kosher to me though.
In sasl_server_new() there's a line:
serverconn->sparams->canon_user = &_sasl_canon_user_lookup;
which unconditionally set canon_user callback to the function that performs both
In the absence of an [sasl_]auxprop_plugins statement, all plugins will be
queried. For example, running pluginviewer (or saslpluginviewer on debian)
should typically list sasldb if it's installed on your system.
The canon_user plugins and auxprop plugins are coded within the same code,
and so
I'm using Debian packages for sasl. Here is what libsasl2-modules
includes:
/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25
/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25
I'm trying to read the code and it seems that it tries to lookup authorization
id
in auxprop plugin. since I don't have any auxprop plugins that returns
SASL_NOMECH and results
in the error I'm seeing.
By any chance do you have any auxprop plugin defined?
On Monday, November 21, 2016 10:07:23
i run saslauthd as follows:
/usr/sbin/saslauthd -a pam -m /var/state/saslauthd -n 4 -r
i guess the notable difference is option '-r', which combines realm with login
username.
i've tried to create a couple of unqualified users and run saslauthd without it
with the same result - proxyauth
Maybe there is something wrong with your saslauthd parameters or PAM
config?
Here is what I use:
saslauthd -a pam -c -t 300 -m /var/run/saslauthd -n 5
# cat /etc/pam.d/sieve
# PAM configuration file for Cyrus IMAP service
authsufficient pam_ldap.so
authrequired
Andrew,
Thanks for the reply. It's good to know it works for someone.
I've tried to downgrade cyrus to 2.4.18, but that didn't help.
sivtest doesn't provide much clue:
root@rway-imap-vm:~# sivtest -a proxyadmin -u t...@virtualcrap.com localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.4.18"
S:
