<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Yes, Ken. The whole jail is freshly fired up. Yes, it seems that imapd is not calling saslauthd at all. I wondered if saslauthd support is even compiled in.<div class=""><br class=""></div><div class="">But if I understand the architecture correctly (and please correct me if I’m wrong), imap is using the sasl lib, and the sasl lib should have saslauthd support compiled in. This is, as far as I can see, configured by HAVE_SASLAUTHD. I have compiled the cyrus-sasl lib myself to verify that<div class=""><br class=""></div><div class=""><font face="Courier New" class="">config.h:#define HAVE_SASLAUTHD /**/</font></div><div class=""><br class=""></div><div class="">is enabled and</div><div class=""><br class=""></div><div class=""><div class=""><font face="Courier New" class="">root@cyrus3:/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.26/ # strings /usr/local/lib/libsasl2.so | grep saslauthd</font></div><div class=""><font face="Courier New" class="">saslauthd_path</font></div><div class=""><font face="Courier New" class="">/var/run/saslauthd</font></div><div class=""><font face="Courier New" class="">cannot create socket for saslauthd: %m</font></div><div class=""><font face="Courier New" class="">cannot connect to saslauthd server: %m</font></div></div><div class=""><br class=""></div><div class="">gives me confidence that it is compiled in.</div><div class=""><br class=""></div><div class="">I also tried to “dtrace” into imapd, but had no success. 
FreeBSD’s dtrace has some problems inside a jail.</div><div class=""><br class=""></div><div class="">So I guess I am missing something tiny but important ;)</div><div class=""><br class=""></div><div class="">Thx again for your support.</div><div class="">Mike</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 31.01.2018 at 00:09, Ken Murchison <<a href="mailto:murch@fastmail.com" class="">murch@fastmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Has Cyrus IMAP been restarted since switching to saslauthd? It
doesn't look like Cyrus is even trying to use saslauthd.<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 06:03 PM, Michael Rüger
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:30A78EF2-001B-4ED0-AEBB-A4833C7DAE6E@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Struggled with enabling local6. The trick was to touch the new
syslog output file before restarting syslog with this new line
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">local6.*
/var/log/local6<br class="">
</font>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/var/log
# cat local6</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: accepted connection</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: accepted connection</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete ->
wait</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete ->
wait</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded ->
done</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded ->
done</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL unable to canonify user
and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: SASL unable to canonify user
and get auxprops</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210]
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]</font></div>
<div class=""><font class="" face="Courier New">Jan 30
22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210]
SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]</font></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:41 schrieb Ken Murchison
<<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hmm.</p><p class="">I just switched my dev box to using
saslauthd and it just worked. I'm sure your problem
is something simple, but its escaping me at the
moment. <br class="">
</p><p class="">When imtest fails, what is logged in the
Cyrus IMAP log (wherever local6 is logged)</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 05:34 PM,
Michael Rüger wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:2EA6E076-B1E9-442E-BA80-DA9CA23A4666@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
Ken, thank you for jumping in!
<div class=""><br class="">
</div>
<div class="">Some more info: the apps run as the
following users and groups</div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# ps aux</font></div>
<div class=""><font class="" face="Courier New">USER
PID %CPU %MEM VSZ RSS TT STAT STARTED
TIME COMMAND</font></div>
<div class=""><font class="" face="Courier New">root
88686 0.0 0.0 10500 2044 - SsJ 21:40
0:00.02 /usr/sbin/syslogd -s</font></div>
<div class=""><font class="" face="Courier New">root
88717 0.0 0.1 43928 4360 - IsJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88718 0.0 0.1 43928 4360 - IJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88720 0.0 0.1 43928 4276 - IJ 21:40
0:00.00 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88721 0.0 0.1 43928 4360 - IJ 21:40
0:00.01 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root
88722 0.0 0.1 43928 4276 - IJ 21:40
0:00.00 /usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">cyrus
88724 0.0 0.1 65504 5884 - SsJ 21:40
0:00.07 /usr/local/cyrus/libexec/master -d</font></div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# su - cyrus</font></div>
<div class=""><font class="" face="Courier New">%
id</font></div>
<div class=""><font class="" face="Courier New">uid=60(cyrus)
gid=60(cyrus)
groups=60(cyrus),1003(saslauth)</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:25 schrieb
Michael Rüger <<a href="mailto:michael.g.rueger@gmail.com" class="" moz-do-not-send="true">michael.g.rueger@gmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div style="word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~ #
ls -la /var/run/saslauthd/</font></div>
<div class=""><font class="" face="Courier New">total 13</font></div>
<div class=""><font class="" face="Courier New">drwxr-x--- 2
cyrus saslauth 5 Jan 30 21:40 .</font></div>
<div class=""><font class="" face="Courier New">drwxr-xr-x 6
root wheel 15 Jan 30 21:40 ..</font></div>
<div class=""><font class="" face="Courier New">srwxrwxrwx 1
root saslauth 0 Jan 30 21:40 mux</font></div>
<div class=""><font class="" face="Courier New">-rw------- 1
root saslauth 0 Jan 30 21:40
mux.accept</font></div>
<div class=""><font class="" face="Courier New">-rw------- 1
root saslauth 6 Jan 30 21:40
saslauthd.pid</font></div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:23
schrieb Ken Murchison <<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hi Michael,</p><p class="">What are the
permissions on the socket that
saslauthd is listening on?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On
01/30/2018 05:06 PM, Michael
Rüger wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:55482002-0BFC-4016-97A5-6B15F7A32703@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
Hi
<div class=""><br class="">
</div>
<div class="">(btw. i
was Guest39278 on IRC
yesterday and got the chance
to introduce myself on
googletalk)</div>
<div class=""><br class="">
</div>
<div class="">I’m trying to
set up imapd to use
saslauthd for
authentication.</div>
<div class=""><br class="">
</div>
<div class="">I have already a
running saslauthd which uses
PAM. I can run this</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/
# testsaslauthd -u mike
-p mike</font></div>
<div class=""><font class="" face="Courier New">0: OK
"Success.“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">and if i run</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:/
# testsaslauthd -u mike
-p abc</font></div>
<div class=""><font class="" face="Courier New">0: NO
"authentication failed“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">i get that
logged in auth.log like this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">Jan 30
21:43:53 cyrus3
saslauthd[88721]: do_auth
: auth failure:
[user=mike] [service=imap]
[realm=] [mech=pam]
[reason=PAM auth error]</font></div>
<div class=""><br class="">
</div>
<div class="">In imapd.conf i
have</div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class=""><font class="" face="Courier New">sasl_pwcheck_method:
saslauthd</font></div>
<div class=""><br class="">
</div>
<div class="">Now i’m
authenticate against imapd</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# imtest -t "" -u mike
-a mike -w mike
localhost</font></div>
<div class=""><font class="" face="Courier New">S: *
OK [CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE
STARTTLS LOGINDISABLED
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server
ready</font></div>
<div class=""><font class="" face="Courier New">C:
S01 STARTTLS</font></div>
<div class=""><font class="" face="Courier New">S:
S01 OK Begin TLS
negotiation now</font></div>
<div class=""><font class="" face="Courier New">verify
error:num=18:self signed
certificate</font></div>
<div class=""><font class="" face="Courier New">TLS
connection established:
TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)</font></div>
<div class=""><font class="" face="Courier New">C:
C01 CAPABILITY</font></div>
<div class=""><font class="" face="Courier New">S: *
CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE ACL
RIGHTS=kxten QUOTA
MAILBOX-REFERRALS
NAMESPACE UIDPLUS
NO_ATOMIC_RENAME
UNSELECT CHILDREN
MULTIAPPEND BINARY
CATENATE CONDSTORE
ESEARCH SEARCH=FUZZY
SORT SORT=MODSEQ
SORT=DISPLAY SORT=UID
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES
THREAD=REFS ANNOTATEMORE
ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED
LIST-STATUS
LIST-MYRIGHTS
LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE
MOVE SPECIAL-USE
CREATE-SPECIAL-USE
DIGEST=SHA1
X-REPLICATION URLAUTH
URLAUTH=BINARY
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
AUTH=PLAIN AUTH=LOGIN
SASL-IR COMPRESS=DEFLATE
X-QUOTA=STORAGE
X-QUOTA=MESSAGE
X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS
IDLE</font></div>
<div class=""><font class="" face="Courier New">S:
C01 OK Completed</font></div>
<div class=""><font class="" face="Courier New">C:
A01 AUTHENTICATE
SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=</font></div>
<div class=""><font class="" face="Courier New">S:
A01 NO authentication
failure</font></div>
<div class=""><font class="" face="Courier New">Authentication
failed. generic failure</font></div>
<div class=""><font class="" face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">Nothing is
reported in auth.conf</div>
<div class=""><br class="">
</div>
<div class="">If i do this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier New">root@cyrus3:~
# saslpasswd2 -c <a href="mailto:mike@cyrus3.intern.rueger.me" class="" moz-do-not-send="true">mike@cyrus3.intern.rueger.me</a></font></div>
<div class=""><font class="" face="Courier New">…<entering
„mike“ twice here></font></div>
<div class=""><font class="" face="Courier New">root@cyrus3:~
# imtest -t "" -u mike -a
mike -w mike localhost</font></div>
<div class=""><font class="" face="Courier New">S: * OK
[CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE
STARTTLS LOGINDISABLED
AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5
AUTH=CRAM-MD5 AUTH=NTLM
SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server
ready</font></div>
<div class=""><font class="" face="Courier New">C: S01
STARTTLS</font></div>
<div class=""><font class="" face="Courier New">…</font></div>
<div class="">
<div class=""><font class="" face="Courier New">Authenticated.</font></div>
<div class=""><font class="" face="Courier New">Security
strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">it is working
against local db BUT NOT
against saslauthd.</div>
<div class=""><br class="">
</div>
<div class="">How do i setup
imapd to talk to saslauthd?</div>
<div class=""><br class="">
</div>
<div class="">BTW i’m using </div>
<div class="">* cyrus-imapd30-3.0.5</div>
<div class="">* cyrus-sasl-2.1.26_13</div>
<div class="">*
cyrus-sasl-saslauthd-2.1.26_3</div>
<div class="">on FreeBSD 11.1</div>
<div class=""><br class="">
</div>
<div class="">Thank you for
any help,</div>
<div class="">Mike</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:1EB1CA7E-9C20-44D1-9F93-EC1E28AB5F60@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:F7012A0F-115C-49B1-9917-9E5060EB1398@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:9F76DDF6-D122-472F-B9CC-0A60BC8CF5CA@fritz.box"><murch.vcf></span></div></blockquote></div><br class=""></div></div></body></html>