Sometimes users of the webmail(Squirrelmail) can't login or
are locked out of their session (they have just to try again
or reauthenticate). In this case I got the following log:
saslauthd[29777]: DEBUG: auth_pam: pam_authenticate failed:
Permission denied
saslauthd[29777]: do_auth : auth failure:
[user=aebi.chaosnet] [service=imap] [realm=] [mech=pam]
[reason=PAM auth error]
I think the squirrelmail does many sql lookups each times you navigate
in the programm. So you should try saslauthd to cache his user
informations. There is a parameter to start up the saslauthd ->
"-c Enable cacheing of authentication credentialstion"
to store all requests after a successful login in RAM. In this case,
if a user logs in many times after a while, the pam_mysql must only
lookup the sql database ones a day, and stores the informations in memory.
After this the saslauthd gives direct informations to squirrelmail,
and does no lokkup over pam_mysql. You can test it, and look if it
is solve your problem. I hope it does. :)
Thanks for your suggestions Marcel.
With -c things get even stranger. The first time I added -c and tested
with my user it worked half of the time. So I restarted the daemon again.
Now it worked like a charm. So I tested with an other user. There it
worked again only half of the time. And I *really* mean half of time.
Exactly every second page load got denied!?!?!
And in the logs everything seems to be all right. The denied logins are
logged as successful by sasl...
(So this seems definitely not to be a MySQL problem)
Anyone has got an idea?
Philippe
Aug 24 19:57:38 vritzII saslauthd[6448]: rel_accept_lock : released
accept lock
Aug 24 19:57:38 vritzII saslauthd[6447]: get_accept_lock : acquired
accept lock
Aug 24 19:57:38 vritzII saslauthd[6448]: cache_get_rlock : attempting a
read lock on slot: 485
Aug 24 19:57:38 vritzII saslauthd[6448]: cache_lookup :
[login=aebi.chaosnet] [service=] [realm=imap]: found with valid passwd
Aug 24 19:57:38 vritzII saslauthd[6448]: cache_un_lock : attempting to
release lock on slot: 485
Aug 24 19:57:38 vritzII saslauthd[6448]: do_auth : auth success
(cached): [user=aebi.chaosnet] [service=imap] [realm=]
Aug 24 19:57:38 vritzII saslauthd[6448]: do_request : response: OK
Aug 24 19:57:40 vritzII saslauthd[6447]: rel_accept_lock : released
accept lock
Aug 24 19:57:40 vritzII saslauthd[6448]: get_accept_lock : acquired
accept lock
Aug 24 19:57:40 vritzII saslauthd[6447]: cache_get_rlock : attempting a
read lock on slot: 485
Aug 24 19:57:40 vritzII saslauthd[6447]: cache_lookup :
[login=aebi.chaosnet] [service=] [realm=imap]: found with valid passwd
Aug 24 19:57:40 vritzII saslauthd[6447]: cache_un_lock : attempting to
release lock on slot: 485
Aug 24 19:57:40 vritzII saslauthd[6447]: do_auth : auth success
(cached): [user=aebi.chaosnet] [service=imap] [realm=]
Aug 24 19:57:40 vritzII saslauthd[6447]: do_request : response: OK
_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch
_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm
