<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Has Cyrus IMAP been restarted since switching to saslauthd? It
doesn't look like Cyrus is even trying to use saslauthd.<br>
</p>
<br>
<div class="moz-cite-prefix">On 01/30/2018 06:03 PM, Michael Rüger
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:30A78EF2-001B-4ED0-AEBB-A4833C7DAE6E@gmail.com">
Struggled with enabling local6. The trick was to touch the new
syslog output file before restarting syslog with this new line
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">local6.*
/var/log/local6<br class="">
</font>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/var/log
# cat local6</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: accepted connection</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: accepted connection</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete ->
wait</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete ->
wait</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded ->
done</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded ->
done</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL unable to canonify user
and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL unable to canonify user
and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210]
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210]
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]</font></div>
<div class=""><br class="">
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 30.01.2018 at 23:41, Ken Murchison
&lt;<a href="mailto:murch@fastmail.com" class=""
moz-do-not-send="true">murch@fastmail.com</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
<p class="">Hmm.</p>
<p class="">I just switched my dev box to using
saslauthd and it just worked. I'm sure your problem
is something simple, but it's escaping me at the
moment. <br class="">
</p>
<p class="">When imtest fails, what is logged in the
Cyrus IMAP log (wherever local6 is logged)?</p>
<p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 05:34 PM,
Michael Rüger wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:2EA6E076-B1E9-442E-BA80-DA9CA23A4666@gmail.com"
class="">
Ken, thank you for jumping in!
<div class=""><br class="">
</div>
<div class="">Some more info: the apps run as the
following users and groups</div>
<div class=""><font class="" face="Courier New"><br
class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# ps aux</font></div>
<div class=""><font class="" face="Courier New">USER
PID %CPU %MEM VSZ RSS TT STAT STARTED
TIME COMMAND</font></div>
<div class=""><font class="" face="Courier New">root
88686 0.0 0.0 10500 2044 - SsJ 21:40
0:00.02 /usr/sbin/syslogd -s</font></div>
<div class=""><font class="" face="Courier New">root
88717 0.0 0.1 43928 4360 - IsJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88718 0.0 0.1 43928 4360 - IJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88720 0.0 0.1 43928 4276 - IJ 21:40
0:00.00 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88721 0.0 0.1 43928 4360 - IJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88722 0.0 0.1 43928 4276 - IJ 21:40
0:00.00 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">cyrus
88724 0.0 0.1 65504 5884 - SsJ 21:40
0:00.07 /usr/local/cyrus/libexec/master -d</font></div>
<div class=""><font class="" face="Courier New"><br
class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# su - cyrus</font></div>
<div class=""><font class="" face="Courier New">%
id</font></div>
<div class=""><font class="" face="Courier New">uid=60(cyrus)
gid=60(cyrus)
groups=60(cyrus),1003(saslauth)</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 30.01.2018 at 23:25,
Michael Rüger &lt;<a
href="mailto:michael.g.rueger@gmail.com"
class="" moz-do-not-send="true">michael.g.rueger@gmail.com</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div class=""><font class=""
face="Courier New">root@cyrus3:~ #
ls -la /var/run/saslauthd/</font></div>
<div class=""><font class=""
face="Courier New">total 13</font></div>
<div class=""><font class=""
face="Courier New">drwxr-x--- 2
cyrus saslauth 5 Jan 30 21:40 .</font></div>
<div class=""><font class=""
face="Courier New">drwxr-xr-x 6
root wheel 15 Jan 30 21:40 ..</font></div>
<div class=""><font class=""
face="Courier New">srwxrwxrwx 1
root saslauth 0 Jan 30 21:40 mux</font></div>
<div class=""><font class=""
face="Courier New">-rw------- 1
root saslauth 0 Jan 30 21:40
mux.accept</font></div>
<div class=""><font class=""
face="Courier New">-rw------- 1
root saslauth 6 Jan 30 21:40
saslauthd.pid</font></div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 30.01.2018 at 23:23,
Ken Murchison &lt;<a
href="mailto:murch@fastmail.com"
class="" moz-do-not-send="true">murch@fastmail.com</a>&gt; wrote:</div>
<br
class="Apple-interchange-newline">
<div class="">
<div text="#000000"
bgcolor="#FFFFFF" class="">
<p class="">Hi Michael,</p>
<p class="">What are the
permissions on the socket that
saslauthd is listening on?</p>
<p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On
01/30/2018 05:06 PM, Michael
Rüger wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:55482002-0BFC-4016-97A5-6B15F7A32703@gmail.com"
class="">
Hi
<div class=""><br class="">
</div>
<div class="">(BTW, I
was Guest39278 on IRC
yesterday and got the chance
to introduce myself on
googletalk)</div>
<div class=""><br class="">
</div>
<div class="">I’m trying to
set up imapd to use
saslauthd for
authentication.</div>
<div class=""><br class="">
</div>
<div class="">I already have a
running saslauthd which uses
PAM. I can run this</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class=""
face="Courier New">root@cyrus3:/
# testsaslauthd -u mike
-p mike</font></div>
<div class=""><font class=""
face="Courier New">0: OK
"Success."</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">and if I run</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class=""
face="Courier New">root@cyrus3:/
# testsaslauthd -u mike
-p abc</font></div>
<div class=""><font class=""
face="Courier New">0: NO
"authentication failed"</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">I get that
logged in auth.log like this</div>
<div class=""><br class="">
</div>
<div class=""><font class=""
face="Courier New">Jan 30
21:43:53 cyrus3
saslauthd[88721]: do_auth
: auth failure:
[user=mike] [service=imap]
[realm=] [mech=pam]
[reason=PAM auth error]</font></div>
<div class=""><br class="">
</div>
<div class="">In imapd.conf I
have</div>
<div class=""><font class=""
face="Courier New"><br
class="">
</font></div>
<div class=""><font class=""
face="Courier New">sasl_pwcheck_method:
saslauthd</font></div>
<div class=""><br class="">
</div>
<div class="">Now I
authenticate against imapd</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class=""
face="Courier New">root@cyrus3:~
# imtest -t "" -u mike
-a mike -w mike
localhost</font></div>
<div class=""><font class=""
face="Courier New">S: *
OK [CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE
STARTTLS LOGINDISABLED
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
SASL-IR] <a
href="http://cyrus3.intern.rueger.me/"
class=""
moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server
ready</font></div>
<div class=""><font class=""
face="Courier New">C:
S01 STARTTLS</font></div>
<div class=""><font class=""
face="Courier New">S:
S01 OK Begin TLS
negotiation now</font></div>
<div class=""><font class=""
face="Courier New">verify
error:num=18:self signed
certificate</font></div>
<div class=""><font class=""
face="Courier New">TLS
connection established:
TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)</font></div>
<div class=""><font class=""
face="Courier New">C:
C01 CAPABILITY</font></div>
<div class=""><font class=""
face="Courier New">S: *
CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE ACL
RIGHTS=kxten QUOTA
MAILBOX-REFERRALS
NAMESPACE UIDPLUS
NO_ATOMIC_RENAME
UNSELECT CHILDREN
MULTIAPPEND BINARY
CATENATE CONDSTORE
ESEARCH SEARCH=FUZZY
SORT SORT=MODSEQ
SORT=DISPLAY SORT=UID
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES
THREAD=REFS ANNOTATEMORE
ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED
LIST-STATUS
LIST-MYRIGHTS
LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE
MOVE SPECIAL-USE
CREATE-SPECIAL-USE
DIGEST=SHA1
X-REPLICATION URLAUTH
URLAUTH=BINARY
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
AUTH=PLAIN AUTH=LOGIN
SASL-IR COMPRESS=DEFLATE
X-QUOTA=STORAGE
X-QUOTA=MESSAGE
X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS
IDLE</font></div>
<div class=""><font class=""
face="Courier New">S:
C01 OK Completed</font></div>
<div class=""><font class=""
face="Courier New">C:
A01 AUTHENTICATE
SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=</font></div>
<div class=""><font class=""
face="Courier New">S:
A01 NO authentication
failure</font></div>
<div class=""><font class=""
face="Courier New">Authentication
failed. generic failure</font></div>
<div class=""><font class=""
face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">Nothing is
reported in auth.conf</div>
<div class=""><br class="">
</div>
<div class="">If I do this</div>
<div class=""><br class="">
</div>
<div class=""><font class=""
face="Courier New">root@cyrus3:~
# saslpasswd2 -c <a
href="mailto:mike@cyrus3.intern.rueger.me"
class=""
moz-do-not-send="true">mike@cyrus3.intern.rueger.me</a></font></div>
<div class=""><font class=""
face="Courier New">…&lt;entering
„mike“ twice here&gt;</font></div>
<div class=""><font class=""
face="Courier New">root@cyrus3:~
# imtest -t "" -u mike -a
mike -w mike localhost</font></div>
<div class=""><font class=""
face="Courier New">S: * OK
[CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE
STARTTLS LOGINDISABLED
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
SASL-IR] <a
href="http://cyrus3.intern.rueger.me/"
class=""
moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server
ready</font></div>
<div class=""><font class=""
face="Courier New">C: S01
STARTTLS</font></div>
<div class=""><font class=""
face="Courier New">…</font></div>
<div class="">
<div class=""><font class=""
face="Courier New">Authenticated.</font></div>
<div class=""><font class=""
face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">it is working
against local db BUT NOT
against saslauthd.</div>
<div class=""><br class="">
</div>
<div class="">How do I set up
imapd to talk to saslauthd?</div>
<div class=""><br class="">
</div>
<div class="">BTW I’m using </div>
<div class="">* cyrus-imapd30-3.0.5</div>
<div class="">* cyrus-sasl-2.1.26_13</div>
<div class="">*
cyrus-sasl-saslauthd-2.1.26_3</div>
<div class="">on FreeBSD 11.1</div>
<div class=""><br class="">
</div>
<div class="">Thank you for
any help,</div>
<div class="">Mike</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
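<p>Added example, not part of the thread and not Cyrus project code: a small Python check over the log and CAPABILITY lines quoted above. It relies on one Cyrus SASL fact, that <code>sasl_pwcheck_method</code> (saslauthd) is consulted only for mechanisms that give the server the cleartext password (PLAIN, LOGIN), and flags failed logins whose mechanism is verified against the auxprop store instead. The function names and the sample constants are chosen here for illustration.</p>

```python
import re

# Only mechanisms that give the server the cleartext password are checked
# through sasl_pwcheck_method (e.g. saslauthd); shared-secret mechanisms
# such as SCRAM, DIGEST-MD5 and CRAM-MD5 are verified against an auxprop
# store (sasldb), which is where "no user in db" comes from.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

BADLOGIN = re.compile(
    r"imap\[\d+\]: badlogin: \[([^\]]+)\] ([A-Za-z0-9-]+) "
    r"\[SASL\((-?\d+)\): ([^\]]*)\]"
)

def advertised_mechs(capability_line):
    """AUTH= mechanisms in an IMAP CAPABILITY response (URLAUTH= is skipped)."""
    return re.findall(r"\bAUTH=([A-Za-z0-9-]+)", capability_line)

def diagnose(log_lines):
    """One finding per distinct badlogin line (the log repeats each line)."""
    findings, seen = [], set()
    for line in log_lines:
        m = BADLOGIN.search(line)
        if m is None or line in seen:
            continue
        seen.add(line)
        ip, mech, code, reason = m.groups()
        findings.append({
            "ip": ip, "mech": mech.upper(), "sasl_code": int(code),
            "reason": reason,
            "reaches_saslauthd": mech.upper() in PLAINTEXT_MECHS,
        })
    return findings

# Sample input taken from the thread (CAPABILITY line shortened).
SAMPLE_LOG = [
    "Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db",
    "Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] "
    "SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]",
    "Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] "
    "SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]",
]
SAMPLE_CAPS = ("* CAPABILITY IMAP4rev1 URLAUTH=BINARY AUTH=SCRAM-SHA-1 "
               "AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR")

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
    usable = [m for m in advertised_mechs(SAMPLE_CAPS) if m in PLAINTEXT_MECHS]
    print("mechanisms saslauthd can serve:", usable)
```

<p>A finding with <code>reaches_saslauthd</code> set to false means the attempt was decided from the local SASL database and saslauthd was never asked; repeating the test over TLS with a plaintext mechanism (<code>imtest -m PLAIN</code>) exercises the saslauthd path.</p>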
</body>
</html>