<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><font face="Courier New" class="">root@cyrus3:~ # ls -la /var/run/saslauthd/</font></div><div class=""><font face="Courier New" class="">total 13</font></div><div class=""><font face="Courier New" class="">drwxr-x--- 2 cyrus saslauth 5 Jan 30 21:40 .</font></div><div class=""><font face="Courier New" class="">drwxr-xr-x 6 root wheel 15 Jan 30 21:40 ..</font></div><div class=""><font face="Courier New" class="">srwxrwxrwx 1 root saslauth 0 Jan 30 21:40 mux</font></div><div class=""><font face="Courier New" class="">-rw------- 1 root saslauth 0 Jan 30 21:40 mux.accept</font></div><div class=""><font face="Courier New" class="">-rw------- 1 root saslauth 6 Jan 30 21:40 saslauthd.pid</font></div><div><br class=""><blockquote type="cite" class=""><div class="">Am 30.01.2018 um 23:23 schrieb Ken Murchison <<a href="mailto:murch@fastmail.com" class="">murch@fastmail.com</a>>:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hi Michael,</p><p class="">What are the permissions on the socket that saslauthd is
listening on?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 05:06 PM, Michael Rüger
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:55482002-0BFC-4016-97A5-6B15F7A32703@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Hi
<div class=""><br class="">
</div>
<div class="">(btw. i was Guest39278 on IRC yesterday and got the
chance to introduce myself on googletalk)</div>
<div class=""><br class="">
</div>
<div class="">I’m trying to set up imapd to use saslauthd for
authentication.</div>
<div class=""><br class="">
</div>
<div class="">I have already a running saslauthd which uses PAM. I
can run this</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/ #
testsaslauthd -u mike -p mike</font></div>
<div class=""><font class="" face="Courier New">0: OK "Success.“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">and if i run</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/ #
testsaslauthd -u mike -p abc</font></div>
<div class=""><font class="" face="Courier New">0: NO
"authentication failed“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">i get that logged in auth.log like this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">Jan 30 21:43:53
cyrus3 saslauthd[88721]: do_auth : auth failure:
[user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM
auth error]</font></div>
<div class=""><br class="">
</div>
<div class="">In imapd.conf i have</div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class=""><font class="" face="Courier New">sasl_pwcheck_method:
saslauthd</font></div>
<div class=""><br class="">
</div>
<div class="">Now i’m authenticate against imapd</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~ #
imtest -t "" -u mike -a mike -w mike localhost</font></div>
<div class=""><font class="" face="Courier New">S: * OK
[CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5
AUTH=NTLM SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server ready</font></div>
<div class=""><font class="" face="Courier New">C: S01 STARTTLS</font></div>
<div class=""><font class="" face="Courier New">S: S01 OK Begin
TLS negotiation now</font></div>
<div class=""><font class="" face="Courier New">verify
error:num=18:self signed certificate</font></div>
<div class=""><font class="" face="Courier New">TLS connection
established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)</font></div>
<div class=""><font class="" face="Courier New">C: C01
CAPABILITY</font></div>
<div class=""><font class="" face="Courier New">S: * CAPABILITY
IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE
ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID
THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED
LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN
XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN
AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE
X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE</font></div>
<div class=""><font class="" face="Courier New">S: C01 OK
Completed</font></div>
<div class=""><font class="" face="Courier New">C: A01
AUTHENTICATE SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=</font></div>
<div class=""><font class="" face="Courier New">S: A01 NO
authentication failure</font></div>
<div class=""><font class="" face="Courier New">Authentication
failed. generic failure</font></div>
<div class=""><font class="" face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">Nothing is reported in auth.conf</div>
<div class=""><br class="">
</div>
<div class="">If i do this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">root@cyrus3:~ #
saslpasswd2 -c <a href="mailto:mike@cyrus3.intern.rueger.me" class="" moz-do-not-send="true">mike@cyrus3.intern.rueger.me</a></font></div>
<div class=""><font class="" face="Courier New">…<entering
„mike“ twice here></font></div>
<div class=""><font class="" face="Courier New">root@cyrus3:~ #
imtest -t "" -u mike -a mike -w mike localhost</font></div>
<div class=""><font class="" face="Courier New">S: * OK
[CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5
AUTH=NTLM SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server ready</font></div>
<div class=""><font class="" face="Courier New">C: S01 STARTTLS</font></div>
<div class=""><font class="" face="Courier New">…</font></div>
<div class="">
<div class=""><font class="" face="Courier New">Authenticated.</font></div>
<div class=""><font class="" face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">it is working against local db BUT NOT against
saslauthd.</div>
<div class=""><br class="">
</div>
<div class="">How do i setup imapd to talk to saslauthd?</div>
<div class=""><br class="">
</div>
<div class="">BTW i’m using </div>
<div class="">* cyrus-imapd30-3.0.5</div>
<div class="">* cyrus-sasl-2.1.26_13</div>
<div class="">* cyrus-sasl-saslauthd-2.1.26_3</div>
<div class="">on FreeBSD 11.1</div>
<div class=""><br class="">
</div>
<div class="">Thank you for any help,</div>
<div class="">Mike</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:1EB1CA7E-9C20-44D1-9F93-EC1E28AB5F60@fritz.box"><murch.vcf></span></div></blockquote></div><br class=""></body></html>