On Sun, 26 Jun 2005 22:10:45 +0200 "Dudi Goldenberg" <[EMAIL PROTECTED]> wrote:
> Hi Ken,
>
> Both Cyrus and Cyrus sasl are running perfectly.
>
> Cyrus is integrated into web-cyradm for the domains and user accounts.

What database are you using for your backend to store accountusers, domainadmins, virtual tables, etc.? I assume MySQL?

> The question is how can I use permit_sasl_authenticated if web-cyradm created
> users does not have a corresponding sasl user created
> (saslpasswd2 -c)...

If users' credentials are being created in the database referenced above, then you should not need to be creating a corresponding sasl user in sasldb2. The permit_sasl_authenticated should be checking your SQL backend for the credentials, NOT sasldb2.

Is there some reason WHY you want/need the credentials stored in sasldb2 rather than a SQL backend? If no pressing argument to the contrary, I'd recommend using an SQL backend. (Admittedly LDAP would also be a nice alternative, but, to my knowledge, support for LDAP is not yet in stable.)

> I'll find a way around this, but it would be much easier if web-cyradm could
> create the sasl user as well.

It does for me. Hence I suspect there must be something wrong with your configuration. Some questions:

1) What SQL backend are you using?

2) Are you sure your SASL2 is built to include support for that backend?

3) If using MySQL, have you turned on verbose logging to check what SQL statements, if any, are being passed when you try to authenticate? If not, put something like log = /var/log/mysql-verbose.log as appropriate for your config in your my.cnf, touch and chown the file, and restart MySQL so you can ascertain just exactly what, if any, SQL statements are being passed when you try authenticating.

4) What is your PHP config? What does php -m return?

5) Is the admin user you're creating the new accounts with listed in imapd.conf?

6) I am not a PAM fan. Suggest you try auxprop instead.
Need something like the following in your imapd.conf:

    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: sql
    sasl_sql_engine: mysql
    sasl_allowanonymouslogin: no
    sasl_allowoplaintext: yes
    sasl_mech_list: digest-md5 plain login
    sasl_sql_user: mail
    sasl_sql_passwd: SECURE_PASSWORD
    sasl_sql_hostnames: localhost
    sasl_sql_database: mail
    sasl_sql_select: select password from accountuser where username= '%u'    <-- all one line, no wrapping
    sasl_sql_verbose: yes

and as appropriate for smtpd (and other) services in /usr/local/lib/sasl2/smtpd.conf:

    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: mysql
    allowanonymouslogin: no
    allowoplaintext: yes
    mech_list: digest-md5 plain login
    sql_user: mail
    sql_passwd: SECURE_PASSWORD
    sql_hostnames: localhost
    sql_database: mail
    sql_select: select password from accountuser where username = '%u'
    sql_verbose: yes

Admittedly auxprop doesn't let me log to the SQL backend, but then I don't require this anyways, and the config removes the added complexity and occasional security holes of PAM from the mix. Also the need to run saslauthd. Once you get your system working you can then tweak to use PAM if desired.

7) And, finally, see sig below for why top posting is a drag... ;-)

--
Best regards,
Ken Gunderson

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
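A consistency check for the two files discussed in the message above, as an added example that is not part of the original post or of Cyrus SASL or web-cyradm: it strips the `sasl_` prefix used in imapd.conf and reports where the smtpd.conf settings disagree, which is how a mail server can end up checking a different credential store than the one web-cyradm writes to. The function names and the sample smtpd.conf that still uses saslauthd are constructed for illustration.

```python
REQUIRED = {"pwcheck_method": "auxprop", "auxprop_plugin": "sql"}
SHARED = ("sql_engine", "sql_hostnames", "sql_database", "sql_user", "sql_select")

def parse_conf(text, prefix=""):
    """Parse 'key: value' lines; keep keys starting with prefix, prefix removed."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key = key.strip().lower()
        if key.startswith(prefix):
            opts[key[len(prefix):]] = value.strip()
    return opts

def squash(value):
    """Ignore whitespace differences such as "username= '%u'" vs "username = '%u'"."""
    return "".join(value.split())

def check(imapd_text, smtpd_text):
    """Return a list of problems; an empty list means both services agree."""
    confs = {"imapd.conf": parse_conf(imapd_text, "sasl_"),
             "smtpd.conf": parse_conf(smtpd_text)}
    problems = []
    for name, opts in confs.items():
        for key, want in REQUIRED.items():
            if opts.get(key) != want:
                problems.append(f"{name}: {key} is {opts.get(key)!r}, expected {want!r}")
        if "%u" not in opts.get("sql_select", ""):
            problems.append(f"{name}: sql_select has no %u placeholder")
    imapd, smtpd = confs.values()
    for key in SHARED:
        a, b = imapd.get(key, ""), smtpd.get(key, "")
        if squash(a) != squash(b):
            problems.append(f"{key} differs: {a!r} (imapd) vs {b!r} (smtpd)")
    return problems

# Constructed sample input (assumption): imapd.conf as suggested above, and two smtpd.conf variants.
IMAPD = """sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_sql_hostnames: localhost
sasl_sql_database: mail
sasl_sql_user: mail
sasl_sql_select: select password from accountuser where username= '%u'
"""
SMTPD_BAD = "pwcheck_method: saslauthd\nmech_list: plain login\n"
SMTPD_GOOD = IMAPD.replace("sasl_", "").replace("username= ", "username = ")
```

Calling `check()` with the contents of the real imapd.conf and sasl2/smtpd.conf returns one line per mismatch; an empty list means both services look up passwords with the same query against the same database.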
