Getting sasldb2 to work

Alexander Skwar listen at alexander.skwar.name
Sun Nov 20 10:00:03 EST 2005


Hello.

I'd like to use cyrus-sasl-2.1.21 together with Postfix
to have it support SMTP AUTH. As there's just a small
number of users, sasldb2 will do. System will be a Linux
running kernel

askwar@HD:~$ uname -a
Linux HD 2.4.20_mipsel_linkstation #88 2005年 2月25日 金曜日 20:17:00 JST mips GNU/Linux

I downloaded cyrus-sasl-2.1.21 and ran:

./configure --enable-login --prefix=/usr --sysconfdir=/etc/sasl2 \
	--disable-dependency-tracking --with-dbpath=/etc/sasl2/sasldb2	\
	&& make && make install && mkdir -p /etc/sasl2

To do some basic checking of sasl2, I'd like to use the
sasl2 sample/server and sample/client. Before starting
the server, I created a sample.conf:

askwar@HD:/share/Linkstation/Pakete/Sources/sasl/cyrus-sasl-2.1.21$ cat /usr/lib/sasl2/sample.conf
# Global parameters
log_level: 3
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

# auxiliary Plugin parameters
auxprop_plugin: sasldb
sasldb_path: /etc/sasl2/sasldb2

I then created a test user with saslpasswd2:

root@HD:/etc/sasl2# echo -n CielfAut3 | /usr/sbin/saslpasswd2 -p -c eelzeejoj

(Yes, I am aware that I now gave away the password.)

This resulted in a /etc/sasl2/sasldb2 being created:

root@HD:/etc/sasl2# strings /etc/sasl2/sasldb2
md5     0499    HD3449  210147dcd18cbaf0        00000000000000000000
eelzeejoj
cmusaslsecretOTP
CielfAut3
eelzeejoj
userPassword

After that, I started the sample server:

askwar@HD:/share/Linkstation/Pakete/Sources/sasl/cyrus-sasl-2.1.21/sample$ ./server -s rcmd -p 12345 -m PLAIN
trying 2, 2, 6
trying 10, 2, 6
socket: Address family not supported by protocol

On a different terminal on the same box I started the sample client:

askwar@HD:/share/Linkstation/Pakete/Sources/sasl/cyrus-sasl-2.1.21/sample$ ./client -p 12345 -s rcmd -m PLAIN 127.0.0.1
receiving capability list... recv: {5}
PLAIN
PLAIN
please enter an authentication id:

What do I now enter? Do I enter the username as
authentication id? After that, I'm prompted for an
authorization id. What to enter? Username again?
Then I'm prompted for a password - and so I entered
it:

please enter an authentication id: eelzeejoj
please enter an authorization id: eelzeejoj
Password:
send: {5}
PLAIN
send: {1}
Y
send: {29}
eelzeejoj[0]eelzeejoj[0]CielfAut3
authentication failed
closing connection

Having a look at the server terminal, I see the
following output:

accepted new connection
send: {5}
PLAIN
recv: {5}
PLAIN
recv: {1}
Y
recv: {29}
eelzeejoj[0]eelzeejoj[0]CielfAut3
starting SASL negotiation: user not foundclosing connection

Why is it saying "user not found"? What's the username
that I should use?

I also tried to specify a "DOM", like so:

# echo nicJiUt5 | /usr/sbin/saslpasswd2 -c -p -u bei.digitalprojects.com nolon5an

But how do I specify this dom? As auth* id, I tried nolon5an
and nolon5an@bei.digitalprojects.com - but still always
"user not found" :(

How do I do it correctly?

I also tried to integrate that into postfix smtpd. For this,
I copied sample.conf to smtpd.conf and added to Postfix' main.cf:

smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes

I then tried to login with Thunderbird to the SMTP server.
Didn't work - I suppose because of the same reasons why the
sample server/client don't work.

Thanks,

Alexander Skwar
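
As an added example (not part of the original post, and not Cyrus SASL's own code): the sketch below decodes the 29-byte PLAIN message from the trace as RFC 4616 defines it, [authzid] NUL authcid NUL passwd, and shows how a lookup keyed on user name and realm can miss an entry whose user name is present in the database. The key layout (authid NUL realm NUL property name), the realms "HD" and "HD.example.net", the realm-splitting rule and all function names are assumptions made for illustration.

```python
import hmac

def parse_plain(msg: bytes):
    """Split an RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    parts = msg.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN needs exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must not be empty")
    return authzid, authcid, passwd

def split_realm(authcid: str, default_realm: str):
    """Simplified: 'user@realm' names its realm, a bare 'user' gets the default."""
    user, sep, realm = authcid.partition("@")
    return (user, realm) if sep else (authcid, default_realm)

def sasldb_key(user: str, realm: str, prop: str = "userPassword") -> bytes:
    """Assumed key layout: authid NUL realm NUL property name."""
    return b"\x00".join(s.encode("utf-8") for s in (user, realm, prop))

def lookup(db: dict, msg: bytes, server_realm: str):
    """True/False for a password match, None when no entry exists for the key."""
    _authzid, authcid, passwd = parse_plain(msg)
    user, realm = split_realm(authcid, server_realm)
    stored = db.get(sasldb_key(user, realm))
    if stored is None:
        return None  # what a server would report as "user not found"
    return hmac.compare_digest(stored, passwd.encode("utf-8"))

# The 29-byte message from the trace ("[0]" there is a NUL byte).
TRACE_MSG = b"eelzeejoj\x00eelzeejoj\x00CielfAut3"
# Constructed database: one entry, stored under the assumed realm "HD".
DB = {sasldb_key("eelzeejoj", "HD"): b"CielfAut3"}

if __name__ == "__main__":
    print(len(TRACE_MSG), parse_plain(TRACE_MSG))
    for realm in ("HD", "HD.example.net"):  # second realm is constructed
        print(realm, "->", lookup(DB, TRACE_MSG, realm))
    explicit = b"\x00eelzeejoj@HD\x00CielfAut3"  # empty authzid, realm in authcid
    print("explicit realm ->", lookup(DB, explicit, "HD.example.net"))
```

In PLAIN the authcid is the identity whose password is checked, and the authzid is optional and may be left empty.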

