How to test timsieved

Paul van der Vlis paul at vandervlis.nl
Fri Aug 14 03:59:00 EDT 2009 

Dan White schreef:
> On 13/08/09 16:56 +0200, Paul van der Vlis wrote:
>>>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth         : auth
>>>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
>>>> auth error]
>>>>
>>>
>>> testsaslauthd -u username -p password
>>> testsaslauthd -u username -p password -s sieve
>>> testsaslauthd -u username -p password -s imap
>>>
>>> Do you get different answers?
>>
>> No, they give all:  0: OK "Success." when I do it as root or as user
>> cyrus.
>>
>> But when I execute "testsaslauthd" as another user, it fails with a
>> "connect() : Permission denied".
>> But this is also the case on the other machine what works correct.
> 
> It looks like you're configured to allow members of the sasl group to
> access the saslauthd mux, so that error is to be expected.
> 
>> sasl_mech_list: PLAIN
>> sasl_minimum_layer: 0
>> #sasl_maximum_layer: 256
>> sasl_pwcheck_method: saslauthd
>> #sasl_auxprop_plugin: sasldb
>> sasl_auto_transition: no
>>
>> /etc/default/saslauthd:
>> START=yes
>> MECHANISMS="pam"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c"
>>
>> Maybe this is important:
>> sigmund:~# ls -ld /var/run/saslauthd
>> lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd ->
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
>> drwx--x--- 2 root sasl 200 2009-07-22 14:02
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
>> total 929
>> -rw------- 1 root root      0 2009-07-22 14:02 cache.flock
>> -rw------- 1 root root 945152 2009-07-22 14:02 cache.mmap
>> srwxrwxrwx 1 root root      0 2009-07-22 14:02 mux
>> -rw------- 1 root root      0 2009-07-22 14:02 mux.accept
>> -rw------- 1 root root      6 2009-07-22 14:02 saslauthd.pid
> 
> Looks fine.
> 
> I wonder if timsieved is calling saslauthd with different options,
> like with a realm.
> 
> I'd be curious what you're seeing when saslauthd is in debug mode.

I used the "-d" option in /etc/default/saslauthd and restarted saslauthd.

In another terminal I tried sivtest, where the authentication was wrong.

But, in the debug I see that the authentication was OK for saslauthd.

---------
paul at sigmund:/root$ sivtest -v localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {20+}
AHBhdWwAZXJ1NGJjZw==
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
---------

----------
sigmund:/etc/pam.d# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthdsaslauthd[29778] :main
          : num_procs  : 5
saslauthd[29778] :main            : mech_option: NULL
saslauthd[29778] :main            : run_path   : /var/run/saslauthd
saslauthd[29778] :main            : auth_mech  : pam
saslauthd[29778] :cache_alloc_mm  : mmaped shared memory segment on
file: /var/run/saslauthd/cache.mmap
saslauthd[29778] :cache_init      : bucket size: 92 bytes
saslauthd[29778] :cache_init      : stats size : 36 bytes
saslauthd[29778] :cache_init      : timeout    : 28800 seconds
saslauthd[29778] :cache_init      : cache table: 944764 total bytes
saslauthd[29778] :cache_init      : cache table: 1711 slots
saslauthd[29778] :cache_init      : cache table: 10266 buckets
saslauthd[29778] :cache_init_lock : flock file opened at
/var/run/saslauthd/cache.flock
saslauthd[29778] :ipc_init        : using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[29778] :detach_tty      : master pid is: 0
saslauthd[29778] :ipc_init        : listening on socket:
/var/run/saslauthd/mux
saslauthd[29778] :main            : using process model
saslauthd[29779] :get_accept_lock : acquired accept lock
saslauthd[29778] :have_baby       : forked child: 29779
saslauthd[29778] :have_baby       : forked child: 29780
saslauthd[29778] :have_baby       : forked child: 29781
saslauthd[29778] :have_baby       : forked child: 29782
saslauthd[29779] :rel_accept_lock : released accept lock
saslauthd[29780] :get_accept_lock : acquired accept lock
saslauthd[29779] :cache_get_rlock : attempting a read lock on slot: 1682
saslauthd[29779] :cache_lookup    : [login=paul] [service=]
[realm=sieve]: not found, update pending
saslauthd[29779] :cache_un_lock   : attempting to release lock on slot: 1682
saslauthd[29779] :cache_get_wlock : attempting a write lock on slot: 1682
saslauthd[29779] :cache_commit    : lookup committed
saslauthd[29779] :cache_un_lock   : attempting to release lock on slot: 1682
saslauthd[29779] :do_auth         : auth success: [user=paul]
[service=sieve] [realm=] [mech=pam]
saslauthd[29779] :do_request      : response: OK
----------


With regards,
Paul van der Vlis.


-- 
http://www.vandervlis.nl/

More information about the Info-cyrus mailing list