<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">After enabling debug, restarting saslauthd and retriggering imtest, saslauthd gets no request. </div>
<div class=""><br class=""></div>
<div class=""><font face="Courier New" class="">root@cyrus3:/etc # /usr/local/etc/rc.d/saslauthd restart</font></div>
<div class=""><font face="Courier New" class="">Stopping saslauthd.</font></div>
<div class=""><font face="Courier New" class="">Waiting for PIDS: 88717.</font></div>
<div class=""><font face="Courier New" class="">Starting saslauthd.</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :main : num_procs : 5</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :main : mech_option: NULL</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :main : run_path : /var/run/saslauthd</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :main : auth_mech : pam</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :detach_tty : master pid is: 0</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :ipc_init : listening on socket: /var/run/saslauthd/mux</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :main : using process model</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :have_baby : forked child: 90859</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90859] :get_accept_lock : acquired accept lock</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :have_baby : forked child: 90860</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :have_baby : forked child: 90861</font></div>
<div class=""><font face="Courier New" class="">saslauthd[90858] :have_baby : forked child: 90862</font></div>
<div class=""><br class=""></div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 31.01.2018 at 00:39, Ken Murchison &lt;<a href="mailto:murch@fastmail.com" class="">murch@fastmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Your understanding is correct. Can you run saslauthd with the
-d (debug) command line option and see if it sheds any light?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 06:31 PM, Michael Rüger
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:F91BF1D0-0B79-4DFD-B6CD-3372274F13C6@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Yes, Ken. The whole jail is freshly fired up. Yes it seems that
imapd is not calling saslauthd at all. I wondered if saslauthd
support is even compiled in.
<div class=""><br class="">
</div>
<div class="">But if i understand the architecture correctly (and
please correct me if i’m wrong), imap is using the sasl lib, and
the sasl lib should have saslauthd support compiled in. This is
as far as i can see configured by HAVE_SASLAUTHD. I have
compiled the cyrus-sasl lib myself to verify that
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">config.h:#define
HAVE_SASLAUTHD /**/</font></div>
<div class=""><br class="">
</div>
<div class="">is enabled and</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New"><a class="moz-txt-link-abbreviated" href="mailto:root@cyrus3:/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.26/">root@cyrus3:/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.26/</a>
# strings /usr/local/lib/libsasl2.so | grep saslauthd</font></div>
<div class=""><font class="" face="Courier New">saslauthd_path</font></div>
<div class=""><font class="" face="Courier New">/var/run/saslauthd</font></div>
<div class=""><font class="" face="Courier New">cannot create
socket for saslauthd: %m</font></div>
<div class=""><font class="" face="Courier New">cannot connect
to saslauthd server: %m</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">gives me confidence that it is compiled in.</div>
<div class=""><br class="">
</div>
<div class="">I also tried to „dtrace“ into imapd, but had no
success. FreeBSD’s dtrace has some problems inside a jail.</div>
<div class=""><br class="">
</div>
<div class="">So i guess i miss something tiny but important ;)</div>
<div class=""><br class="">
</div>
<div class="">Thx again for your support.</div>
<div class="">Mike</div>
<div class=""><br class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 31.01.2018 um 00:09 schrieb Ken Murchison
<<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Has Cyrus IMAP been restarted since
switching to saslauthd? It doesn't look like Cyrus
is even trying to use saslauthd.<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 06:03 PM,
Michael Rüger wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:30A78EF2-001B-4ED0-AEBB-A4833C7DAE6E@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
Struggled with enabling local6. The trick was to
touch the new syslog output file before restarting
syslog with this new line
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">local6.*
/var/log/local6<br class="">
</font>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/var/log
# cat local6</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: accepted
connection</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: accepted
connection</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SSL_accept()
incomplete -> wait</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SSL_accept()
incomplete -> wait</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SSL_accept()
succeeded -> done</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SSL_accept()
succeeded -> done</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: starttls:
TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits
new) no authentication</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: starttls:
TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits
new) no authentication</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL no user
in db</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL no user
in db</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL no user
in db</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL unable
to canonify user and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL no user
in db</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: SASL unable
to canonify user and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: badlogin:
[192.168.178.210] SCRAM-SHA-1 [SASL(-13):
user not found: unable to canonify user and
get auxprops]</font></div>
<div class=""><font class="" face="Courier New">Jan
30 22:59:51 cyrus3 imap[90156]: badlogin:
[192.168.178.210] SCRAM-SHA-1 [SASL(-13):
user not found: unable to canonify user and
get auxprops]</font></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:41 schrieb
Ken Murchison <<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hmm.</p><p class="">I just switched my dev box
to using saslauthd and it just
worked. I'm sure your problem is
something simple, but it's escaping me
at the moment. <br class="">
</p><p class="">When imtest fails, what is
logged in the Cyrus IMAP log (wherever
local6 is logged)?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On
01/30/2018 05:34 PM, Michael Rüger
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:2EA6E076-B1E9-442E-BA80-DA9CA23A4666@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Ken, thank you for jumping in!
<div class=""><br class="">
</div>
<div class="">Some more info: the apps
run as the following users and
groups</div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# ps aux</font></div>
<div class=""><font class="" face="Courier New">USER PID
%CPU %MEM VSZ RSS TT STAT
STARTED TIME COMMAND</font></div>
<div class=""><font class="" face="Courier New">root 88686
0.0 0.0 10500 2044 - SsJ
21:40 0:00.02
/usr/sbin/syslogd -s</font></div>
<div class=""><font class="" face="Courier New">root 88717
0.0 0.1 43928 4360 - IsJ
21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88718
0.0 0.1 43928 4360 - IJ
21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88720
0.0 0.1 43928 4276 - IJ
21:40 0:00.00
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88721
0.0 0.1 43928 4360 - IJ
21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88722
0.0 0.1 43928 4276 - IJ
21:40 0:00.00
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">cyrus 88724
0.0 0.1 65504 5884 - SsJ
21:40 0:00.07
/usr/local/cyrus/libexec/master
-d</font></div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# su - cyrus</font></div>
<div class=""><font class="" face="Courier New">% id</font></div>
<div class=""><font class="" face="Courier New">uid=60(cyrus)
gid=60(cyrus)
groups=60(cyrus),1003(saslauth)</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um
23:25 schrieb Michael Rüger
<<a href="mailto:michael.g.rueger@gmail.com" class="" moz-do-not-send="true">michael.g.rueger@gmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div style="word-wrap:
break-word;
-webkit-nbsp-mode: space;
line-break:
after-white-space;" class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:~ #
ls -la
/var/run/saslauthd/</font></div>
<div class=""><font class="" face="Courier
New">total 13</font></div>
<div class=""><font class="" face="Courier
New">drwxr-x--- 2
cyrus saslauth 5
Jan 30 21:40 .</font></div>
<div class=""><font class="" face="Courier
New">drwxr-xr-x 6
root wheel 15
Jan 30 21:40 ..</font></div>
<div class=""><font class="" face="Courier
New">srwxrwxrwx 1
root saslauth 0
Jan 30 21:40 mux</font></div>
<div class=""><font class="" face="Courier
New">-rw------- 1
root saslauth 0
Jan 30 21:40
mux.accept</font></div>
<div class=""><font class="" face="Courier
New">-rw------- 1
root saslauth 6
Jan 30 21:40
saslauthd.pid</font></div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am
30.01.2018 um 23:23
schrieb Ken
Murchison <<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hi
Michael,</p><p class="">What
are the
permissions on
the socket that
saslauthd is
listening on?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On
01/30/2018 05:06
PM, Michael
Rüger wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:55482002-0BFC-4016-97A5-6B15F7A32703@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Hi
<div class=""><br class="">
</div>
<div class="">(btw.
i
was Guest39278
on IRC
yesterday and
got the chance
to introduce
myself on
googletalk)</div>
<div class=""><br class="">
</div>
<div class="">I’m
trying to set
up imapd to
use saslauthd
for
authentication.</div>
<div class=""><br class="">
</div>
<div class="">I
have already a
running
saslauthd
which uses
PAM. I can run
this</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:/
#
testsaslauthd
-u mike -p
mike</font></div>
<div class=""><font class="" face="Courier
New">0: OK
"Success.“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">and
if i run</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:/
#
testsaslauthd
-u mike -p abc</font></div>
<div class=""><font class="" face="Courier
New">0: NO
"authentication
failed“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">i
get that
logged in
auth.log like
this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier
New">Jan 30
21:43:53
cyrus3
saslauthd[88721]:
do_auth
: auth
failure:
[user=mike]
[service=imap]
[realm=]
[mech=pam]
[reason=PAM
auth error]</font></div>
<div class=""><br class="">
</div>
<div class="">In
imapd.conf i
have</div>
<div class=""><font class="" face="Courier
New"><br class="">
</font></div>
<div class=""><font class="" face="Courier
New">sasl_pwcheck_method:
saslauthd</font></div>
<div class=""><br class="">
</div>
<div class="">Now
i’m
authenticate
against imapd</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:~
# imtest -t ""
-u mike -a
mike -w mike
localhost</font></div>
<div class=""><font class="" face="Courier
New">S: * OK
[CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE
STARTTLS
LOGINDISABLED
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP
3.0.5 server
ready</font></div>
<div class=""><font class="" face="Courier
New">C: S01
STARTTLS</font></div>
<div class=""><font class="" face="Courier
New">S: S01 OK
Begin TLS
negotiation
now</font></div>
<div class=""><font class="" face="Courier
New">verify
error:num=18:self
signed
certificate</font></div>
<div class=""><font class="" face="Courier
New">TLS
connection
established:
TLSv1.2 with
cipher
ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)</font></div>
<div class=""><font class="" face="Courier
New">C: C01
CAPABILITY</font></div>
<div class=""><font class="" face="Courier
New">S: *
CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE ACL
RIGHTS=kxten
QUOTA
MAILBOX-REFERRALS
NAMESPACE
UIDPLUS
NO_ATOMIC_RENAME
UNSELECT
CHILDREN
MULTIAPPEND
BINARY
CATENATE
CONDSTORE
ESEARCH
SEARCH=FUZZY
SORT
SORT=MODSEQ
SORT=DISPLAY
SORT=UID
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA
LIST-EXTENDED
LIST-STATUS
LIST-MYRIGHTS
LIST-METADATA
WITHIN QRESYNC
SCAN XLIST
XMOVE MOVE
SPECIAL-USE
CREATE-SPECIAL-USE
DIGEST=SHA1
X-REPLICATION
URLAUTH
URLAUTH=BINARY
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN
AUTH=LOGIN
SASL-IR
COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS
IDLE</font></div>
<div class=""><font class="" face="Courier
New">S: C01 OK
Completed</font></div>
<div class=""><font class="" face="Courier
New">C: A01
AUTHENTICATE
SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=</font></div>
<div class=""><font class="" face="Courier
New">S: A01 NO
authentication
failure</font></div>
<div class=""><font class="" face="Courier
New">Authentication
failed.
generic
failure</font></div>
<div class=""><font class="" face="Courier
New">Security
strength
factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">Nothing
is reported in
auth.conf</div>
<div class=""><br class="">
</div>
<div class="">If
i do this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier
New">root@cyrus3:~
# saslpasswd2
-c <a href="mailto:mike@cyrus3.intern.rueger.me" class="" moz-do-not-send="true">mike@cyrus3.intern.rueger.me</a></font></div>
<div class=""><font class="" face="Courier
New">…<entering
„mike“ twice
here></font></div>
<div class=""><font class="" face="Courier
New">root@cyrus3:~
# imtest -t ""
-u mike -a
mike -w mike
localhost</font></div>
<div class=""><font class="" face="Courier
New">S: * OK
[CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE
STARTTLS
LOGINDISABLED
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP
3.0.5 server
ready</font></div>
<div class=""><font class="" face="Courier
New">C: S01
STARTTLS</font></div>
<div class=""><font class="" face="Courier
New">…</font></div>
<div class="">
<div class=""><font class="" face="Courier
New">Authenticated.</font></div>
<div class=""><font class="" face="Courier
New">Security
strength
factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">it
is working
against local
db BUT NOT
against
saslauthd.</div>
<div class=""><br class="">
</div>
<div class="">How
do i setup
imapd to talk
to saslauthd?</div>
<div class=""><br class="">
</div>
<div class="">BTW
i’m using </div>
<div class="">* cyrus-imapd30-3.0.5</div>
<div class="">* cyrus-sasl-2.1.26_13</div>
<div class="">*
cyrus-sasl-saslauthd-2.1.26_3</div>
<div class="">on
FreeBSD 11.1</div>
<div class=""><br class="">
</div>
<div class="">Thank
you for any
help,</div>
<div class="">Mike</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:1EB1CA7E-9C20-44D1-9F93-EC1E28AB5F60@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:F7012A0F-115C-49B1-9917-9E5060EB1398@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:9F76DDF6-D122-472F-B9CC-0A60BC8CF5CA@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:1A50A839-A5A3-46B0-A206-C5EDB9159EDE@fritz.box"><murch.vcf></span></div></blockquote></div><br class=""></body></html>