Cyrus+SASL+PAM+pam_mysql Migration problem

Alexander Dalloz ad+lists at uni-x.org
Tue Jun 27 14:32:52 EDT 2006


On Tue, 27.06.2006 at 18:25, Alexandru E. Ungur wrote:

> 3. [root@mailtx1 lib]# testsaslauthd -u cyrus -p PASSWORD -s imap
>    0: OK "Success."
> 
> So I think I got the sasl+pam+mysql part working (but I could be wrong,
> I'm pretty new to the whole cyrus world :D)
> 
> Now, my problem is that I cannot for the life of me get cyradm working.
> Here is the imapd.conf:
> 
> configdirectory: /cyrus/imap
> partition-default: /cyrus/spool
> defaultacl: lrswipcd
> admins: cyrus@domainZ=com cyrus@domainZ.com cyrus

Do you use virtdomain support with Cyrus-IMAPd? If not, then appending
the realm isn't necessary. Otherwise you also have to run saslauthd with
the parameter "-r". Your database and SQL statements do not indicate
user@realm usage.

> allowanonymouslogin: no
> timeout: 400
> plaintextloginpause: 0
> quotawarn: 90
> autocreatequota: 50000
> singleinstancestore: yes
> 
> drachost: localhost
> dracinterval: 600
> 
> #sasl_pwcheck_method: pam
> sasl_pwcheck_method: saslauthd

Proper entry to use saslauthd.

> loginrealms: all
> sasl_auxprop_plugin: mysqlauxprop

Remove that. You already use / have set up saslauthd (with pam -> mysql)!

> sasl_mysql_user: cyrus
> sasl_mysql_passwd: cypass
> sasl_mysql_hostnames: localhost
> sasl_mysql_database: email
> sasl_mysql_statement: select password from popusers where alias='%u' and domain='%r'
> #sasl_mysql_statement: select md5(password) from popusers where alias='%u' and domain='%r'
> sasl_mysql_verbose: yes

Remove all those lines too. Those settings conflict with saslauthd
usage: either saslauthd or auxprop with sql plugin. As saslauthd already
works I see no reason to introduce a different way of authing here.

> allowplaintext: yes
> #sasl_mech_list: PLAIN

Defining offered/valid mechanisms seems a good choice to me. At least
it makes things clearer.

> 
> sieveusehomedir: false
> sievedir: /usr/local/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> 
> partition-0: /cyrus/spool/0
> partition-1: /cyrus/spool/1
> # ... and so on ...

> This is what I get in the log:
> Jun 27 04:18:39 mailtx1 master[691]: about to exec /usr/lib/cyrus-imapd/imapd
> Jun 27 04:18:39 mailtx1 imap[691]: executed
> Jun 27 04:18:39 mailtx1 imap[691]: sql_select option missing
> Jun 27 04:18:39 mailtx1 imap[691]: auxpropfunc error no mechanism available
> Jun 27 04:18:39 mailtx1 imap[691]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

All the trouble comes from the auxprop imapd.conf settings. Once you
remove them, it disappears.

> Jun 27 04:18:39 mailtx1 imap[691]: accepted connection
> Jun 27 04:18:39 mailtx1 imap[691]: DIGEST-MD5 server step 1
> Jun 27 04:18:39 mailtx1 perl: DIGEST-MD5 client step 2
> Jun 27 04:18:43 mailtx1 imap[691]: DIGEST-MD5 server step 2
> Jun 27 04:18:43 mailtx1 imap[691]: could not find auxprop plugin, was searching for 'mysqlauxprop'
> Jun 27 04:18:43 mailtx1 imap[691]: could not find auxprop plugin, was searching for 'mysqlauxprop'
> Jun 27 04:18:43 mailtx1 imap[691]: no secret in database
> Jun 27 04:18:43 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
> Jun 27 04:18:46 mailtx1 perl: GSSAPI Error: Miscellaneous failure (No credentials cache found)
> Jun 27 04:18:46 mailtx1 perl: NTLM client step 1
> Jun 27 04:18:46 mailtx1 imap[691]: NTLM server step 1
> Jun 27 04:18:46 mailtx1 imap[691]: client flags: 207
> Jun 27 04:18:46 mailtx1 perl: NTLM client step 2
> Jun 27 04:18:46 mailtx1 imap[691]: bad userid authenticated
> Jun 27 04:18:46 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
> Jun 27 04:18:49 mailtx1 perl: No worthy mechs found

Different mechs are probed once the initial auth setup failed.

> I would really appreciate any tips/pointers/help on how to debug/fix
> this further.
> 
> Thank you very much,
> Alex

Alexander


-- 
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 20:21:25 up 6:43, 10 users, 0.10, 0.12, 0.09 
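
Added example, not part of the original message and not Cyrus project code: a small lint pass over imapd.conf that reports the conflicts named in the reply above (auxprop and SQL options left active next to `sasl_pwcheck_method: saslauthd`, no explicit `sasl_mech_list`, realm-qualified admins without virtual domains). The sample config is constructed from the posted file; the function names and the treatment of a missing `virtdomains` option as "off" are assumptions of this sketch.

```python
import re

# Constructed sample: an excerpt of the imapd.conf quoted in the message.
SAMPLE_CONF = """\
admins: cyrus@domainZ.com cyrus
#sasl_pwcheck_method: pam
sasl_pwcheck_method: saslauthd
sasl_auxprop_plugin: mysqlauxprop
sasl_mysql_user: cyrus
sasl_mysql_hostnames: localhost
sasl_mysql_database: email
allowplaintext: yes
#sasl_mech_list: PLAIN
"""

SQL_PREFIXES = ("sasl_mysql_", "sasl_sql_")  # SQL auxprop option families

def parse_conf(text):
    """Return {option: value} for active (uncommented) 'option: value' lines."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$", line)
        if m:  # comment lines start with '#', which the pattern rejects
            opts[m.group(1).lower()] = m.group(2)
    return opts

def lint(opts):
    """Return (option, advice) pairs for the conflicts named in the reply."""
    findings = []
    if opts.get("sasl_pwcheck_method") == "saslauthd":
        if "sasl_auxprop_plugin" in opts:
            findings.append(("sasl_auxprop_plugin",
                             "remove: auxprop lookup conflicts with saslauthd"))
        for key in sorted(k for k in opts if k.startswith(SQL_PREFIXES)):
            findings.append((key, "remove: SQL auxprop setting, unused with saslauthd"))
        if "sasl_mech_list" not in opts:
            findings.append(("sasl_mech_list",
                             "set explicitly: saslauthd only checks plaintext passwords"))
    # Assumption: a missing virtdomains option means virtual domains are off.
    if opts.get("virtdomains", "off") in ("off", "no", "0", "false"):
        if any("@" in a for a in opts.get("admins", "").split()):
            findings.append(("admins", "realm-qualified admin but virtdomains is off"))
    return findings

if __name__ == "__main__":
    for option, advice in lint(parse_conf(SAMPLE_CONF)):
        print(f"{option}: {advice}")
```

An empty result from `lint()` means none of these conflicts were found; it does not test that authentication itself works, which is what `testsaslauthd` is for.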