Testing authentication / SASL + MySQL

Patrick Ben Koetter p at state-of-mind.de
Thu Apr 27 16:32:29 EDT 2006


* volatile 45hs <volatileservers at gmail.com>:
> I run saslfinger to get a better diagnostic, output is below and my humble
> knowledge can do much more with it.
> 
> I still haven't configured / recompiled postfix as I'm trying to make SASL
> work
> 
> 
>     saslfinger - postfix Cyrus sasl configuration Thu Apr 27 15:21:55 BST 2006
>     version: 1.0
>     mode: server-side SMTP AUTH
> 
>     -- basics --
>     Postfix: 2.2.5
>     System: Red Hat Enterprise Linux ES release 3 (Taroon Update 5)
> 
>     -- smtpd is linked to --
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f71000)
> 
>     -- active SMTP AUTH and TLS parameters for smtpd --
>     broken_sasl_auth_clients = yes
> 
> 
>     -- listing of /usr/lib/sasl --

This dir we ignore, because it is Cyrus-SASL.1.x libs and your Postfix wants
Cyrus-SASL.2.x, which is what you want. You don't want Cyrus-SASL.1.x ;)

>     -- listing of /usr/lib/sasl2 --
>     total 684
>     drwxr-xr-x    2 root     root         4096 Apr 27 14:41 .
>     drwxr-xr-x   86 root     root        40960 Dec  1 02:36 ..
>     -rw-r--r--    1 root     root        13946 Oct  7  2004 libanonymous.a
>     -rwxr-xr-x    1 root     root          780 Oct  7  2004 libanonymous.la
>     -rwxr-xr-x    1 root     root        12204 Oct  7  2004 libanonymous.so
>     -rwxr-xr-x    1 root     root        12204 Oct  7  2004 libanonymous.so.2
>     -rwxr-xr-x    1 root     root        12204 Oct  7  2004 libanonymous.so.2.0.15
>     -rw-r--r--    1 root     root        17232 Oct  7  2004 libcrammd5.a
>     -rwxr-xr-x    1 root     root          766 Oct  7  2004 libcrammd5.la
>     -rwxr-xr-x    1 root     root        14880 Oct  7  2004 libcrammd5.so
>     -rwxr-xr-x    1 root     root        14880 Oct  7  2004 libcrammd5.so.2
>     -rwxr-xr-x    1 root     root        14880 Oct  7  2004 libcrammd5.so.2.0.15
>     -rw-r--r--    1 root     root        52730 Oct  7  2004 libdigestmd5.a
>     -rwxr-xr-x    1 root     root          789 Oct  7  2004 libdigestmd5.la
>     -rwxr-xr-x    1 root     root        42900 Oct  7  2004 libdigestmd5.so
>     -rwxr-xr-x    1 root     root        42900 Oct  7  2004 libdigestmd5.so.2
>     -rwxr-xr-x    1 root     root        42900 Oct  7  2004 libdigestmd5.so.2.0.15
>     -rw-r--r--    1 root     root        23282 Oct  7  2004 libgssapiv2.a
>     -rwxr-xr-x    1 root     root          815 Oct  7  2004 libgssapiv2.la
>     -rwxr-xr-x    1 root     root        20728 Oct  7  2004 libgssapiv2.so
>     -rwxr-xr-x    1 root     root        20728 Oct  7  2004 libgssapiv2.so.2
>     -rwxr-xr-x    1 root     root        20728 Oct  7  2004 libgssapiv2.so.2.0.15
>     -rw-r--r--    1 root     root        14356 Oct  7  2004 liblogin.a
>     -rwxr-xr-x    1 root     root          752 Oct  7  2004 liblogin.la
>     -rwxr-xr-x    1 root     root        12652 Oct  7  2004 liblogin.so
>     -rwxr-xr-x    1 root     root        12652 Oct  7  2004 liblogin.so.2
>     -rwxr-xr-x    1 root     root        12652 Oct  7  2004 liblogin.so.2.0.15
>     -rw-r--r--    1 root     root        14268 Oct  7  2004 libplain.a
>     -rwxr-xr-x    1 root     root          752 Oct  7  2004 libplain.la
>     -rwxr-xr-x    1 root     root        12592 Oct  7  2004 libplain.so
>     -rwxr-xr-x    1 root     root        12592 Oct  7  2004 libplain.so.2
>     -rwxr-xr-x    1 root     root        12592 Oct  7  2004 libplain.so.2.0.15
>     -rw-r--r--    1 root     root        19596 Oct  7  2004 libsasldb.a
>     -rwxr-xr-x    1 root     root          791 Oct  7  2004 libsasldb.la
>     -rwxr-xr-x    1 root     root        15348 Oct  7  2004 libsasldb.so
>     -rwxr-xr-x    1 root     root        15348 Oct  7  2004 libsasldb.so.2
>     -rwxr-xr-x    1 root     root        15348 Oct  7  2004 libsasldb.so.2.0.15

There are no SQL libs in here to use the sql auxprop, but your smtpd.conf and
sample.conf are in here. libsasl searches for libs in /usr/lib/sasl2...


>     -rw-r--r--    1 root     root          503 Apr 27 14:41 sample.conf
>     drwxr-xr-x    6 root     root         4096 Oct 27 00:36 sasl2
>     -rw-r--r--    1 root     root          503 Apr 27 14:41 smtpd.conf
> 
>     -- listing of /usr/local/lib/sasl2 --
>     total 2116
>     drwxr-xr-x    2 root     root         4096 Apr 26 18:18 .
>     drwxr-xr-x    3 root     root         4096 Apr 26 16:36 ..
>     -rwxr-xr-x    1 root     root          692 Apr 25 20:55 libanonymous.la
>     -rwxr-xr-x    1 root     root        46147 Apr 25 20:55 libanonymous.so
>     -rwxr-xr-x    1 root     root        46147 Apr 25 20:55 libanonymous.so.2
>     -rwxr-xr-x    1 root     root        46147 Apr 25 20:55 libanonymous.so.2.0.21
>     -rwxr-xr-x    1 root     root          680 Apr 26 16:36 libcrammd5.la
>     -rwxr-xr-x    1 root     root        50879 Apr 26 16:36 libcrammd5.so
>     -rwxr-xr-x    1 root     root        50879 Apr 26 16:36 libcrammd5.so.2
>     -rwxr-xr-x    1 root     root        50879 Apr 26 16:36 libcrammd5.so.2.0.21
>     -rwxr-xr-x    1 root     root          710 Apr 25 19:50 libdigestmd5.la
>     -rwxr-xr-x    1 root     root        95447 Apr 25 19:50 libdigestmd5.so
>     -rwxr-xr-x    1 root     root        95447 Apr 25 19:50 libdigestmd5.so.2
>     -rwxr-xr-x    1 root     root        95447 Apr 25 19:50 libdigestmd5.so.2.0.21
>     -rwxr-xr-x    1 root     root          676 Apr 26 16:36 liblogin.la
>     -rwxr-xr-x    1 root     root        46927 Apr 26 16:36 liblogin.so
>     -rwxr-xr-x    1 root     root        46927 Apr 26 16:36 liblogin.so.2
>     -rwxr-xr-x    1 root     root        46927 Apr 26 16:36 liblogin.so.2.0.21
>     -rwxr-xr-x    1 root     root          676 Apr 26 16:36 libplain.la
>     -rwxr-xr-x    1 root     root        46765 Apr 26 16:36 libplain.so
>     -rwxr-xr-x    1 root     root        46765 Apr 26 16:36 libplain.so.2
>     -rwxr-xr-x    1 root     root        46761 Oct 27 00:36 libplain.so.2.0.19
>     -rwxr-xr-x    1 root     root        46765 Apr 26 16:36 libplain.so.2.0.21
>     -rwxr-xr-x    1 root     root          692 Apr 25 20:55 libsasldb.la
>     -rwxr-xr-x    1 root     root        79195 Apr 25 20:55 libsasldb.so
>     -rwxr-xr-x    1 root     root        79195 Apr 25 20:55 libsasldb.so.2
>     -rwxr-xr-x    1 root     root        79187 Oct 27 00:36 libsasldb.so.2.0.19
>     -rwxr-xr-x    1 root     root        79195 Apr 25 20:55 libsasldb.so.2.0.21
>     -rwxr-xr-x    1 root     root          707 Apr 26 16:36 libsql.la
>     -rwxr-xr-x    1 root     root       244896 Apr 26 16:36 libsql.so
>     -rwxr-xr-x    1 root     root       244896 Apr 26 16:36 libsql.so.2
>     -rwxr-xr-x    1 root     root        60240 Oct 27 00:36 libsql.so.2.0.19
>     -rwxr-xr-x    1 root     root       244896 Apr 26 16:36 libsql.so.2.0.21

In this directory there's the SQL auxprop stuff, but there's no config, nor
will libsasl search for libs in here...

1. Copy sample.conf and smtpd.conf to /usr/local/lib/sasl2.
2. Move /usr/lib/sasl2 to /usr/lib/sasl2.old.
3. Create a symlink from /usr/local/lib/sasl2 to /usr/lib/sasl2.


>     -- content of /usr/lib/sasl2/smtpd.conf --
>     # SASL application configuration file for SMTP AUTH used by Postfix

You use sample.conf to test, right? In the book we created sample.conf as a
symlink to smtpd.conf. If you do that, I can tell what's in both. Now I don't
know if the content of sample.conf is the same as smtpd.conf; they have the
same date and size though, so I just presume they are identical.

>     # Global parameter
>     log_level: 3
> 
>     # Password verification service
>     pwcheck_method: auxprop
> 
>     # SMTP AUTH mechanisms
>     mech_list: PLAIN LOGIN CRAM-MD5
> 
>     # auxiliary plugin parameters -> mysql password backend
>     auxprop_plugin: sql
>     sql_engine: mysql
>     sql_hostname: localhost
>     sql_database: smtpauthdb
>     sql_user: --- replaced ---
>     sql_passwd: --- replaced ---

Something I can't tell is whether there's whitespace after the values you've
added to smtpd.conf. You need to check this yourself. I recall situations where
this was the problem.

>     sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r' and auth = '1'

You probably want to exchange "%p" for the name of the field that holds the
passwords. I think this is also an erratum in the book.


>     sql_usessl: no
> 
> 
>     -- active services in /etc/postfix/master.cf --
> 
> removed due to still not using sasl w/ postfix and to reduce message body

Okay. Fix the sasl dir stuff and check sample.conf. Then check if it works. If
not we will have to dig deeper.

p at rick


-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
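
The checks the reply above asks for, collected into one shell function as an added example (not part of the original message and not saslfinger's code). The names `check_sasl_dir` and `make_fixture` are hypothetical, the fixture directory and its contents are constructed, and the last check is an addition based on the listing, which shows smtpd.conf as `-rw-r--r--` while it holds `sql_passwd`.

```shell
# Added example. Prints one finding per line for a Cyrus SASL plugin
# directory (hypothetical helper); prints nothing when all checks pass.
check_sasl_dir() {
    dir=$1
    conf="$dir/smtpd.conf"
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 0; }

    # Whitespace after a value, which the reply recalls as a past cause.
    ws=$(grep -n '[[:space:]]$' "$conf" | cut -d: -f1 | tr '\n' ' ')
    [ -z "$ws" ] || echo "WHITESPACE: trailing whitespace on line(s) $ws"

    # auxprop_plugin: sql needs libsql.so* in the directory libsasl searches.
    if grep -q '^auxprop_plugin:[[:space:]]*sql' "$conf" &&
       ! ls "$dir"/libsql.so* >/dev/null 2>&1; then
        echo "NOPLUGIN: auxprop_plugin is sql but $dir has no libsql.so*"
    fi
    # sql_select still selects %p instead of the password field name.
    if grep -qi '^sql_select:[[:space:]]*select[[:space:]]*%p' "$conf"; then
        echo "SELECT: sql_select uses %p where the password field name belongs"
    fi

    # sample.conf is meant to mirror smtpd.conf (the book symlinks them).
    if [ -f "$dir/sample.conf" ] && ! cmp -s "$conf" "$dir/sample.conf"; then
        echo "DIFFER: sample.conf and smtpd.conf have different content"
    fi
    # Added check: the file holds sql_passwd, so flag world-readable mode.
    if grep -q '^sql_passwd:' "$conf" && [ -n "$(find "$conf" -perm -004)" ]; then
        echo "PERMS: $conf holds sql_passwd and is world-readable"
    fi
    return 0
}

# Constructed fixture modelled on the /usr/lib/sasl2 listing in the thread:
# no SQL plugin, identical conf files, one value with a trailing space.
make_fixture() {
    d=$(mktemp -d)
    : > "$d/libplain.so.2"
    printf '%s\n' 'pwcheck_method: auxprop' 'auxprop_plugin: sql' \
        'sql_engine: mysql ' 'sql_passwd: constructed-placeholder' \
        "sql_select: SELECT %p FROM users WHERE username = '%u'" \
        > "$d/smtpd.conf"
    chmod 644 "$d/smtpd.conf"
    cp "$d/smtpd.conf" "$d/sample.conf"
    echo "$d"
}

fixture=$(make_fixture)
check_sasl_dir "$fixture"
rm -rf "$fixture"
```

On a real host the argument would be the directory libsasl searches, `/usr/lib/sasl2` in this thread.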

