Testing authentication / SASL + MySQL
Patrick Ben Koetter
p at state-of-mind.de
Thu Apr 27 16:32:29 EDT 2006
* volatile 45hs <volatileservers at gmail.com>:
> I run saslfinger to get a better diagnostic, output is below and my humble
> knowledge can do much more with it.
>
> I still haven't configured / recompiled postfix as I'm trying to make SASL
> work
>
>
> saslfinger - postfix Cyrus sasl configuration Thu Apr 27 15:21:55 BST 2006
> version: 1.0
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.2.5
> System: Red Hat Enterprise Linux ES release 3 (Taroon Update 5)
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f71000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
>
>
> -- listing of /usr/lib/sasl --

This dir we ignore, because it is Cyrus-SASL.1.x libs and your Postfix wants
Cyrus-SASL.2.x, which is what you want. You don't want Cyrus-SASL.1.x ;)

> -- listing of /usr/lib/sasl2 --
> total 684
> drwxr-xr-x 2 root root 4096 Apr 27 14:41 .
> drwxr-xr-x 86 root root 40960 Dec 1 02:36 ..
> -rw-r--r-- 1 root root 13946 Oct 7 2004 libanonymous.a
> -rwxr-xr-x 1 root root 780 Oct 7 2004 libanonymous.la
> -rwxr-xr-x 1 root root 12204 Oct 7 2004 libanonymous.so
> -rwxr-xr-x 1 root root 12204 Oct 7 2004 libanonymous.so.2
> -rwxr-xr-x 1 root root 12204 Oct 7 2004 libanonymous.so.2.0.15
> -rw-r--r-- 1 root root 17232 Oct 7 2004 libcrammd5.a
> -rwxr-xr-x 1 root root 766 Oct 7 2004 libcrammd5.la
> -rwxr-xr-x 1 root root 14880 Oct 7 2004 libcrammd5.so
> -rwxr-xr-x 1 root root 14880 Oct 7 2004 libcrammd5.so.2
> -rwxr-xr-x 1 root root 14880 Oct 7 2004 libcrammd5.so.2.0.15
> -rw-r--r-- 1 root root 52730 Oct 7 2004 libdigestmd5.a
> -rwxr-xr-x 1 root root 789 Oct 7 2004 libdigestmd5.la
> -rwxr-xr-x 1 root root 42900 Oct 7 2004 libdigestmd5.so
> -rwxr-xr-x 1 root root 42900 Oct 7 2004 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 42900 Oct 7 2004 libdigestmd5.so.2.0.15
> -rw-r--r-- 1 root root 23282 Oct 7 2004 libgssapiv2.a
> -rwxr-xr-x 1 root root 815 Oct 7 2004 libgssapiv2.la
> -rwxr-xr-x 1 root root 20728 Oct 7 2004 libgssapiv2.so
> -rwxr-xr-x 1 root root 20728 Oct 7 2004 libgssapiv2.so.2
> -rwxr-xr-x 1 root root 20728 Oct 7 2004 libgssapiv2.so.2.0.15
> -rw-r--r-- 1 root root 14356 Oct 7 2004 liblogin.a
> -rwxr-xr-x 1 root root 752 Oct 7 2004 liblogin.la
> -rwxr-xr-x 1 root root 12652 Oct 7 2004 liblogin.so
> -rwxr-xr-x 1 root root 12652 Oct 7 2004 liblogin.so.2
> -rwxr-xr-x 1 root root 12652 Oct 7 2004 liblogin.so.2.0.15
> -rw-r--r-- 1 root root 14268 Oct 7 2004 libplain.a
> -rwxr-xr-x 1 root root 752 Oct 7 2004 libplain.la
> -rwxr-xr-x 1 root root 12592 Oct 7 2004 libplain.so
> -rwxr-xr-x 1 root root 12592 Oct 7 2004 libplain.so.2
> -rwxr-xr-x 1 root root 12592 Oct 7 2004 libplain.so.2.0.15
> -rw-r--r-- 1 root root 19596 Oct 7 2004 libsasldb.a
> -rwxr-xr-x 1 root root 791 Oct 7 2004 libsasldb.la
> -rwxr-xr-x 1 root root 15348 Oct 7 2004 libsasldb.so
> -rwxr-xr-x 1 root root 15348 Oct 7 2004 libsasldb.so.2
> -rwxr-xr-x 1 root root 15348 Oct 7 2004 libsasldb.so.2.0.15

There are no SQL libs in here to use the sql auxprop, but your smtpd.conf and
sample.conf are in here. libsasl searches for libs in /usr/lib/sasl2...

> -rw-r--r-- 1 root root 503 Apr 27 14:41 sample.conf
> drwxr-xr-x 6 root root 4096 Oct 27 00:36 sasl2
> -rw-r--r-- 1 root root 503 Apr 27 14:41 smtpd.conf
>
> -- listing of /usr/local/lib/sasl2 --
> total 2116
> drwxr-xr-x 2 root root 4096 Apr 26 18:18 .
> drwxr-xr-x 3 root root 4096 Apr 26 16:36 ..
> -rwxr-xr-x 1 root root 692 Apr 25 20:55 libanonymous.la
> -rwxr-xr-x 1 root root 46147 Apr 25 20:55 libanonymous.so
> -rwxr-xr-x 1 root root 46147 Apr 25 20:55 libanonymous.so.2
> -rwxr-xr-x 1 root root 46147 Apr 25 20:55 libanonymous.so.2.0.21
> -rwxr-xr-x 1 root root 680 Apr 26 16:36 libcrammd5.la
> -rwxr-xr-x 1 root root 50879 Apr 26 16:36 libcrammd5.so
> -rwxr-xr-x 1 root root 50879 Apr 26 16:36 libcrammd5.so.2
> -rwxr-xr-x 1 root root 50879 Apr 26 16:36 libcrammd5.so.2.0.21
> -rwxr-xr-x 1 root root 710 Apr 25 19:50 libdigestmd5.la
> -rwxr-xr-x 1 root root 95447 Apr 25 19:50 libdigestmd5.so
> -rwxr-xr-x 1 root root 95447 Apr 25 19:50 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 95447 Apr 25 19:50 libdigestmd5.so.2.0.21
> -rwxr-xr-x 1 root root 676 Apr 26 16:36 liblogin.la
> -rwxr-xr-x 1 root root 46927 Apr 26 16:36 liblogin.so
> -rwxr-xr-x 1 root root 46927 Apr 26 16:36 liblogin.so.2
> -rwxr-xr-x 1 root root 46927 Apr 26 16:36 liblogin.so.2.0.21
> -rwxr-xr-x 1 root root 676 Apr 26 16:36 libplain.la
> -rwxr-xr-x 1 root root 46765 Apr 26 16:36 libplain.so
> -rwxr-xr-x 1 root root 46765 Apr 26 16:36 libplain.so.2
> -rwxr-xr-x 1 root root 46761 Oct 27 00:36 libplain.so.2.0.19
> -rwxr-xr-x 1 root root 46765 Apr 26 16:36 libplain.so.2.0.21
> -rwxr-xr-x 1 root root 692 Apr 25 20:55 libsasldb.la
> -rwxr-xr-x 1 root root 79195 Apr 25 20:55 libsasldb.so
> -rwxr-xr-x 1 root root 79195 Apr 25 20:55 libsasldb.so.2
> -rwxr-xr-x 1 root root 79187 Oct 27 00:36 libsasldb.so.2.0.19
> -rwxr-xr-x 1 root root 79195 Apr 25 20:55 libsasldb.so.2.0.21
> -rwxr-xr-x 1 root root 707 Apr 26 16:36 libsql.la
> -rwxr-xr-x 1 root root 244896 Apr 26 16:36 libsql.so
> -rwxr-xr-x 1 root root 244896 Apr 26 16:36 libsql.so.2
> -rwxr-xr-x 1 root root 60240 Oct 27 00:36 libsql.so.2.0.19
> -rwxr-xr-x 1 root root 244896 Apr 26 16:36 libsql.so.2.0.21

In this directory there's the SQL auxprop stuff, but there's no config, nor
will libsasl search for libs in here...

1. Copy sample.conf and smtpd.conf to /usr/local/lib/sasl2.
2. Move /usr/lib/sasl2 to /usr/lib/sasl2.old.
3. Create a symlink from /usr/local/lib/sasl2 to /usr/lib/sasl2.

> -- content of /usr/lib/sasl2/smtpd.conf --
> # SASL application configuration file for SMTP AUTH used by Postfix

You use sample.conf to test, right? In the book we created sample.conf as a
symlink to smtpd.conf. If you do that, I can tell what's in both. Now I don't
know if the content of sample.conf is the same as smtpd.conf; they have the
same date and size though, so I just presume they are identical.

> # Global parameter
> log_level: 3
>
> # Password verification service
> pwcheck_method: auxprop
>
> # SMTP AUTH mechanisms
> mech_list: PLAIN LOGIN CRAM-MD5
>
> # auxiliary plugin parameters -> mysql password backend
> auxprop_plugin: sql
> sql_engine: mysql
> sql_hostname: localhost
> sql_database: smtpauthdb
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---

Something I can't tell is whether there's whitespace after the values you've
added to smtpd.conf. You need to check this yourself. I recall situations where
this was the problem.

> sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r' and auth = '1'

You probably want to exchange "%p" for the name of the field that holds the
passwords. I think this is also an erratum in the book.

> sql_usessl: no
>
>
> -- active services in /etc/postfix/master.cf --
>
> removed due to still not using sasl w/ postfix and to reduce message body

Okay. Fix the sasl dir stuff and check sample.conf. Then check if it works. If
not we will have to dig deeper.

p at rick
--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
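
The three things this reply asks the poster to check (whitespace after values, the sql auxprop plugin sitting in a directory libsasl does not search, and "%p" in sql_select) can be linted in one pass. This is an added shell example, not part of the original message or of saslfinger; the function name check_sasl_conf is hypothetical, and the config file and plugin directory are passed as arguments.

```shell
#!/bin/sh
# Added example: lint a Cyrus SASL application config (e.g. smtpd.conf).
# check_sasl_conf is a hypothetical helper name, not a Cyrus SASL tool.
#
# usage: check_sasl_conf CONF PLUGIN_DIR
# Prints one finding per line; the return status is the number of findings.
check_sasl_conf() {
    conf=$1
    plugdir=$2
    findings=0

    # 1. Trailing whitespace after a value (invisible in most editors).
    ws=$(grep -n '^[a-z_]*:.*[[:space:]]$' "$conf" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$ws" ]; then
        echo "trailing whitespace on line(s): $ws"
        findings=$((findings + 1))
    fi

    # 2. auxprop_plugin names a plugin that is missing from the directory
    #    libsasl actually searches (PLUGIN_DIR).
    plugin=$(sed -n 's/^auxprop_plugin:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf")
    if [ -n "$plugin" ] && [ ! -e "$plugdir/lib$plugin.so" ]; then
        echo "auxprop plugin '$plugin' not found in $plugdir"
        findings=$((findings + 1))
    fi

    # 3. sql_select still selects "%p" instead of the password column name.
    if grep -q '^sql_select:.*SELECT[[:space:]]*%p' "$conf"; then
        echo "sql_select uses %p; name the password column instead"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run directly as: sh lint.sh /usr/lib/sasl2/smtpd.conf /usr/lib/sasl2
if [ "$#" -eq 2 ]; then
    check_sasl_conf "$1" "$2"
fi
```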