<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-2" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Kővári János wrote:<br>
<blockquote cite="mid:49F15D08.9090503@freemail.hu" type="cite">
<div class="moz-signature">
<pre><font color="#000000">><i> I have a postfix relay server and a (local) cyrus imap server on the
</i>><i> same machine. Everything was fine until I thought, I change the imap
</i>><i> authentication from sasldb to saslauth, to have global authentication
</i>><i> on postfix and cyrus.
</i>><i> Postfix uses saslauthd, which is configured for PAM. It works
</i>><i> perfectly, with plain/login/cram/digest mechanisms, with or without
</i>><i> tls/ssl, absolutely no problems with it. Saslauth tests are all fine
</i>><i> obviously.
</i>><i> So I decided to use this with cyrus imap too. Set it to use the same
</i>><i> saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs.
</i>><i> Since then, I can not login with plain or login mechs, because they
</i>><i> aren't being offered at all by cyrus imapd. I can login with cram or
</i>><i> digest fine.
</i>><i> I understand that plain login isn't offered by default, only after a
</i>><i> successful tls session setup, but if I understand correctly, the
</i>><i> "allowplaintext: yes" option should still force imapd to offer plain
</i>><i> logins. But it doesn't. I tried it with different sasl_min|max_levels,
</i>><i> to no avail.
</i>><i> This is the first thing I don't understand.
</i>><i> The second is: after establishing a tls or ssl connection, plain and
</i>><i> login are offered, but I can not login with these mechs.
</i>><i> (I'm using imtest to test it all.)
</i>><i> However, with "testsaslauth", I am able to authenticate fine.
</i>><i>
</i>><i> I'm quite new to cyrus and linux systems, but I read all kinds of
</i>><i> manuals and FAQs and documentation, and googled a lot, but I was unable
</i>><i> to find the culprit. So you are my last hope.
</i>><i> If nothing else works, I leave it as is, with digest and cram it works
</i>><i> and it's more secure. Or I go back to sasldb, which is less
</i>><i> comfortable for me...
</i>
Please include the following information, so we can get a better idea of
your setup:
Postfix and Cyrus IMAP version
Postfix SASL config:
grep sasl main.cf
cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf is located on
your system)
Your cyrus imap.conf config
saslauthd does not support cram-md5 or digest-md5, so you may be (also)
using the sasldb auxprop in Postfix.
- Dan</font></pre>
</div>
</blockquote>
Hello Dan,<br>
<br>
Postfix version: 2.5.4<br>
Cyrus IMAP version: 2.2.13<br>
<br>
<i>cat /etc/postfix/main.cf | grep sasl</i><br>
smtpd_client_restrictions = permit_sasl_authenticated, reject<br>
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination<br>
smtpd_sasl_auth_enable = yes<br>
smtpd_sasl_local_domain = $myhostname<br>
smtp_sasl_auth_enable = yes<br>
smtp_sasl_password_maps = hash:/etc/postfix/relaypw<br>
broken_sasl_auth_clients = yes<br>
<br>
<i>cat /etc/postfix/sasl/smtpd.conf</i><br>
saslauthd_version: 2<br>
pwcheck_method: saslauthd<br>
mech_list: plain login cram-md5 digest-md5<br>
<br>
<i>cat /etc/imapd.conf</i><br>
configdirectory: /var/lib/cyrus<br>
imap_admins: cyrus jani<br>
hashimapspool: 1<br>
idlemethod: poll<br>
popminpoll: 1<br>
allowplaintext: yes<br>
allowanonymouslogin: no<br>
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux<br>
sasl_pwcheck_method: saslauthd<br>
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5<br>
sasl_auto_transition: no<br>
tls_cert_file: /etc/ssl/certs/some_server.pem<br>
tls_key_file: /etc/ssl/private/some_server.key<br>
tls_ca_path: /etc/ssl/certs/demoCA<br>
tls_session_timeout: 1440<br>
tls_cipher_list: TLSv1+HIGH:!aNULL: @STRENGTH<br>
sievedir: /var/spool/sieve<br>
sieveusehomedir: false<br>
lmtpsocket: /var/run/cyrus/socket/lmtp<br>
lmtp_downcase_rcpt: yes<br>
notifysocket: /var/run/cyrus/socket/notify<br>
partition-default: /var/spool/cyrus/mail<br>
autocreatequota: 100<br>
newsspool: /var/spool/news<br>
partition-something: /media/data/cyrus<br>
admins: cyrus jani<br>
idlesocket: /var/run/cyrus/socket/idle<br>
autocreatequota_units: 1048576<br>
syslog_prefix: cyrus<br>
unixhierarchysep: 1<br>
umask: 077<br>
<br>
<i>cat /etc/default/saslauthd</i><br>
START=yes<br>
PWDIR="/var/spool/postfix/var/run/saslauthd"<br>
PARAMS="-m ${PWDIR}"<br>
PIDFILE="${PWDIR}/saslauthd.pid" <br>
MECHANISMS="pam"<br>
MECH_OPTIONS=""<br>
THREADS=5<br>
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"<br>
<i>#(I think the options line is wrong, the -m part is unneeded, but it
was like that, and it works...)</i><br>
<br>
<i>ps -ef | grep saslauthd</i><br>
root 5142 1 0 07:50 ? 00:00:00 /usr/sbin/saslauthd -a
pam -c -m /var/spool/postfix/var/run/saslauthd -n 5<br>
root 5144 5142 0 07:50 ? 00:00:00 /usr/sbin/saslauthd -a
pam -c -m /var/spool/postfix/var/run/saslauthd -n 5<br>
root 5146 5142 0 07:50 ? 00:00:00 /usr/sbin/saslauthd -a
pam -c -m /var/spool/postfix/var/run/saslauthd -n 5<br>
root 5147 5142 0 07:50 ? 00:00:00 /usr/sbin/saslauthd -a
pam -c -m /var/spool/postfix/var/run/saslauthd -n 5<br>
root 5148 5142 0 07:50 ? 00:00:00 /usr/sbin/saslauthd -a
pam -c -m /var/spool/postfix/var/run/saslauthd -n 5<br>
<br>
What do I do wrong?<br>
<br>
Regards,<br>
Janos<br>
</body>
</html>