<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Struggled with enabling local6. The trick was to touch the new syslog output file before restarting syslog with this new line<div class=""><br class=""></div><div class=""><font face="Courier New" class="">local6.* /var/log/local6<br class=""></font><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class=""><font face="Courier New" class="">root@cyrus3:/var/log # cat local6</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: accepted connection</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: accepted connection</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete -> wait</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() incomplete -> wait</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded -> done</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SSL_accept() succeeded -> done</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL unable to canonify user and get auxprops</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL no user in db</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: SASL unable to canonify user and get auxprops</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]</font></div><div class=""><font face="Courier New" class="">Jan 30 22:59:51 cyrus3 imap[90156]: badlogin: [192.168.178.210] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]</font></div><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">Am 30.01.2018 um 23:41 schrieb Ken Murchison <<a href="mailto:murch@fastmail.com" class="">murch@fastmail.com</a>>:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hmm.</p><p class="">I just switched my dev box to using saslauthd and it just
worked. I'm sure your problem is something simple, but its
escaping me at the moment. <br class="">
</p><p class="">When imtest fails, what is logged in the Cyrus IMAP log (wherever
local6 is logged)</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018 05:34 PM, Michael Rüger
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:2EA6E076-B1E9-442E-BA80-DA9CA23A4666@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Ken, thank you for jumping in!
<div class=""><br class="">
</div>
<div class="">Some more info: the apps run as the following users
and groups</div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~ #
ps aux</font></div>
<div class=""><font class="" face="Courier New">USER PID %CPU
%MEM VSZ RSS TT STAT STARTED TIME COMMAND</font></div>
<div class=""><font class="" face="Courier New">root 88686 0.0
0.0 10500 2044 - SsJ 21:40 0:00.02 /usr/sbin/syslogd
-s</font></div>
<div class=""><font class="" face="Courier New">root 88717 0.0
0.1 43928 4360 - IsJ 21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88718 0.0
0.1 43928 4360 - IJ 21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88720 0.0
0.1 43928 4276 - IJ 21:40 0:00.00
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88721 0.0
0.1 43928 4360 - IJ 21:40 0:00.01
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">root 88722 0.0
0.1 43928 4276 - IJ 21:40 0:00.00
/usr/local/sbin/saslauthd -a pam</font></div>
<div class=""><font class="" face="Courier New">cyrus 88724 0.0
0.1 65504 5884 - SsJ 21:40 0:00.07
/usr/local/cyrus/libexec/master -d</font></div>
<div class=""><font class="" face="Courier New"><br class="">
</font></div>
<div class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# su - cyrus</font></div>
<div class=""><font class="" face="Courier New">% id</font></div>
<div class=""><font class="" face="Courier New">uid=60(cyrus)
gid=60(cyrus) groups=60(cyrus),1003(saslauth)</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:25 schrieb Michael Rüger
<<a href="mailto:michael.g.rueger@gmail.com" class="" moz-do-not-send="true">michael.g.rueger@gmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;" class="">
<div class=""><font class="" face="Courier New">root@cyrus3:~
# ls -la /var/run/saslauthd/</font></div>
<div class=""><font class="" face="Courier New">total
13</font></div>
<div class=""><font class="" face="Courier New">drwxr-x---
2 cyrus saslauth 5 Jan 30 21:40 .</font></div>
<div class=""><font class="" face="Courier New">drwxr-xr-x
6 root wheel 15 Jan 30 21:40 ..</font></div>
<div class=""><font class="" face="Courier New">srwxrwxrwx
1 root saslauth 0 Jan 30 21:40 mux</font></div>
<div class=""><font class="" face="Courier New">-rw-------
1 root saslauth 0 Jan 30 21:40 mux.accept</font></div>
<div class=""><font class="" face="Courier New">-rw-------
1 root saslauth 6 Jan 30 21:40 saslauthd.pid</font></div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Am 30.01.2018 um 23:23 schrieb Ken
Murchison <<a href="mailto:murch@fastmail.com" class="" moz-do-not-send="true">murch@fastmail.com</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Hi Michael,</p><p class="">What are the permissions on the
socket that saslauthd is listening on?</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 01/30/2018
05:06 PM, Michael Rüger wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:55482002-0BFC-4016-97A5-6B15F7A32703@gmail.com" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
Hi
<div class=""><br class="">
</div>
<div class="">(btw. i was Guest39278 on IRC
yesterday and got the chance to introduce
myself on googletalk)</div>
<div class=""><br class="">
</div>
<div class="">I’m trying to set up imapd to
use saslauthd for authentication.</div>
<div class=""><br class="">
</div>
<div class="">I have already a running
saslauthd which uses PAM. I can run this</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:/ # testsaslauthd -u
mike -p mike</font></div>
<div class=""><font class="" face="Courier
New">0: OK "Success.“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">and if i run</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:/ # testsaslauthd -u
mike -p abc</font></div>
<div class=""><font class="" face="Courier
New">0: NO "authentication failed“</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">i get that logged in auth.log
like this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier
New">Jan 30 21:43:53 cyrus3
saslauthd[88721]: do_auth : auth
failure: [user=mike] [service=imap]
[realm=] [mech=pam] [reason=PAM auth
error]</font></div>
<div class=""><br class="">
</div>
<div class="">In imapd.conf i have</div>
<div class=""><font class="" face="Courier
New"><br class="">
</font></div>
<div class=""><font class="" face="Courier
New">sasl_pwcheck_method: saslauthd</font></div>
<div class=""><br class="">
</div>
<div class="">Now i’m authenticate against
imapd</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><font class="" face="Courier
New">root@cyrus3:~ # imtest -t "" -u
mike -a mike -w mike localhost</font></div>
<div class=""><font class="" face="Courier
New">S: * OK [CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE STARTTLS
LOGINDISABLED AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
AUTH=NTLM SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server ready</font></div>
<div class=""><font class="" face="Courier
New">C: S01 STARTTLS</font></div>
<div class=""><font class="" face="Courier
New">S: S01 OK Begin TLS negotiation
now</font></div>
<div class=""><font class="" face="Courier
New">verify error:num=18:self signed
certificate</font></div>
<div class=""><font class="" face="Courier
New">TLS connection established:
TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)</font></div>
<div class=""><font class="" face="Courier
New">C: C01 CAPABILITY</font></div>
<div class=""><font class="" face="Courier
New">S: * CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE ACL RIGHTS=kxten
QUOTA MAILBOX-REFERRALS NAMESPACE
UIDPLUS NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY CATENATE
CONDSTORE ESEARCH SEARCH=FUZZY SORT
SORT=MODSEQ SORT=DISPLAY SORT=UID
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS
ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA LIST-EXTENDED LIST-STATUS
LIST-MYRIGHTS LIST-METADATA WITHIN
QRESYNC SCAN XLIST XMOVE MOVE
SPECIAL-USE CREATE-SPECIAL-USE
DIGEST=SHA1 X-REPLICATION URLAUTH
URLAUTH=BINARY AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
AUTH=NTLM AUTH=PLAIN AUTH=LOGIN
SASL-IR COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE
X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS IDLE</font></div>
<div class=""><font class="" face="Courier
New">S: C01 OK Completed</font></div>
<div class=""><font class="" face="Courier
New">C: A01 AUTHENTICATE SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=</font></div>
<div class=""><font class="" face="Courier
New">S: A01 NO authentication failure</font></div>
<div class=""><font class="" face="Courier
New">Authentication failed. generic
failure</font></div>
<div class=""><font class="" face="Courier
New">Security strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">Nothing is reported in
auth.conf</div>
<div class=""><br class="">
</div>
<div class="">If i do this</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Courier
New">root@cyrus3:~ # saslpasswd2 -c <a href="mailto:mike@cyrus3.intern.rueger.me" class="" moz-do-not-send="true">mike@cyrus3.intern.rueger.me</a></font></div>
<div class=""><font class="" face="Courier
New">…<entering „mike“ twice here></font></div>
<div class=""><font class="" face="Courier
New">root@cyrus3:~ # imtest -t "" -u
mike -a mike -w mike localhost</font></div>
<div class=""><font class="" face="Courier
New">S: * OK [CAPABILITY IMAP4rev1
LITERAL+ ID ENABLE STARTTLS
LOGINDISABLED AUTH=SCRAM-SHA-1
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM
SASL-IR] <a href="http://cyrus3.intern.rueger.me/" class="" moz-do-not-send="true">cyrus3.intern.rueger.me</a>
Cyrus IMAP 3.0.5 server ready</font></div>
<div class=""><font class="" face="Courier
New">C: S01 STARTTLS</font></div>
<div class=""><font class="" face="Courier
New">…</font></div>
<div class="">
<div class=""><font class="" face="Courier
New">Authenticated.</font></div>
<div class=""><font class="" face="Courier
New">Security strength factor: 256</font></div>
</div>
<div class=""><br class="">
</div>
<div class="">it is working against local db
BUT NOT against saslauthd.</div>
<div class=""><br class="">
</div>
<div class="">How do i setup imapd to talk
to saslauthd?</div>
<div class=""><br class="">
</div>
<div class="">BTW i’m using </div>
<div class="">* cyrus-imapd30-3.0.5</div>
<div class="">* cyrus-sasl-2.1.26_13</div>
<div class="">*
cyrus-sasl-saslauthd-2.1.26_3</div>
<div class="">on FreeBSD 11.1</div>
<div class=""><br class="">
</div>
<div class="">Thank you for any help,</div>
<div class="">Mike</div>
<div class=""><br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:1EB1CA7E-9C20-44D1-9F93-EC1E28AB5F60@fritz.box" class=""><murch.vcf></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</div>
<span id="cid:F7012A0F-115C-49B1-9917-9E5060EB1398@fritz.box"><murch.vcf></span></div></blockquote></div><br class=""></div></div></body></html>