SASL authentication failures with SQL
Jason Dixon
jason at dixongroup.net
Sat Nov 18 11:55:33 EST 2006
I'm building a new mailserver and am using Postfix with Cyrus-SASL's
auxprop/sql mechanism. Passwords are stored via PostfixAdmin's md5
in a MySQL table. When testing this configuration, I keep getting
authentication failures. When I test with Thunderbird, I see the
following:

Nov 18 11:25:19 colo2 postfix/smtpd[29465]: warning: SASL authentication failure: no secret in database
Nov 18 11:25:19 colo2 postfix/smtpd[29465]: warning: x.x.x.x: SASL CRAM-MD5 authentication failed: authentication failure

And for OS X Mail.app, I see this:

Nov 18 11:47:54 colo2 postfix/smtpd[5306]: warning: SASL authentication failure: Password verification failed
Nov 18 11:47:54 colo2 postfix/smtpd[5306]: warning: x.x.x.x: SASL PLAIN authentication failed: authentication failure

I've confirmed that Postfix/SASL are making a connection to the
database, but have no other debugging information. I have no
problems pulling the hashed password out of the table using the
sql_select statement and the assigned authentication parameters.
I've bumped up log_level, but that seems to have no effect. Here is
my smtpd.conf file:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain cram-md5 digest-md5
log_level: 5
sql_engine: mysql
sql_verbose: yes
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u'

And here is the MySQL table, with a sample query demonstrating the
password format.

$ mysql -h 127.0.0.1 -u postfix -p postfix
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1924 to server version: 5.0.24a

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> describe mailbox;
+----------+--------------+------+-----+---------------------+-------+
| Field    | Type         | Null | Key | Default             | Extra |
+----------+--------------+------+-----+---------------------+-------+
| username | varchar(255) | NO   | PRI |                     |       |
| password | varchar(255) | NO   |     |                     |       |
| name     | varchar(255) | NO   |     |                     |       |
| maildir  | varchar(255) | NO   |     |                     |       |
| quota    | int(10)      | NO   |     | -1                  |       |
| domain   | varchar(255) | NO   |     |                     |       |
| created  | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| modified | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| active   | tinyint(4)   | NO   |     | 1                   |       |
+----------+--------------+------+-----+---------------------+-------+
9 rows in set (0.00 sec)

mysql> select password from mailbox limit 1;
+------------------------------------+
| password                           |
+------------------------------------+
| $1$5fffa3c6$L4.fk2NN25zQR/X8wehsO1 |
+------------------------------------+
1 row in set (0.01 sec)

Any idea why I'm getting these errors?

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
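
Added example (not part of the original post and not Cyrus SASL code): a Python sketch of the RFC 2195 CRAM-MD5 computation and a literal PLAIN comparison, run against the password format shown in the query output above. It shows that both checks succeed only when the value returned by sql_select is the plaintext password the client holds, not a $1$ crypt string. The username, plaintext password and challenge are constructed, and the literal-comparison model of PLAIN verification is an assumption of this example.

```python
import hashlib
import hmac

# STORED_HASH is the value from the post's "select password" output.
# Everything else here is constructed for the example.
STORED_HASH = b"$1$5fffa3c6$L4.fk2NN25zQR/X8wehsO1"
USER = "user@example.invalid"                      # hypothetical account
PASSWORD = b"example-password"                     # hypothetical plaintext
CHALLENGE = b"<29465.1163867119@colo2.example.invalid>"  # constructed


def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    """RFC 2195: hex HMAC-MD5 over the challenge, keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def client_response(user: str, password: bytes, challenge: bytes) -> str:
    """What the mail client sends: '<user> <hex digest>'."""
    return f"{user} {cram_md5_digest(password, challenge)}"


def server_verify(response: str, secret_from_db: bytes, challenge: bytes) -> bool:
    """Server side: recompute the digest from whatever the database returned."""
    _user, _, digest = response.rpartition(" ")
    expected = cram_md5_digest(secret_from_db, challenge)
    return hmac.compare_digest(digest, expected)


def plain_verify(submitted: bytes, value_from_db: bytes) -> bool:
    """PLAIN modelled as a literal comparison (assumption of this example)."""
    return hmac.compare_digest(submitted, value_from_db)


if __name__ == "__main__":
    resp = client_response(USER, PASSWORD, CHALLENGE)
    print("CRAM-MD5, DB holds plaintext :", server_verify(resp, PASSWORD, CHALLENGE))
    print("CRAM-MD5, DB holds $1$ hash  :", server_verify(resp, STORED_HASH, CHALLENGE))
    print("PLAIN,    DB holds plaintext :", plain_verify(PASSWORD, PASSWORD))
    print("PLAIN,    DB holds $1$ hash  :", plain_verify(PASSWORD, STORED_HASH))
```

The one-way crypt value cannot be turned back into the HMAC key the client used, so no challenge-response exchange can be checked against it.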