SASL authentication failures with SQL

Jason Dixon jason at dixongroup.net
Sat Nov 18 11:55:33 EST 2006


I'm building a new mailserver and am using Postfix with Cyrus-SASL's  
auxprop/sql mechanism.  Passwords are stored via PostfixAdmin's md5  
in a MySQL table.  When testing this configuration, I keep getting  
authentication failures.  When I test with Thunderbird, I see the  
following:

Nov 18 11:25:19 colo2 postfix/smtpd[29465]: warning: SASL authentication failure: no secret in database
Nov 18 11:25:19 colo2 postfix/smtpd[29465]: warning: x.x.x.x: SASL CRAM-MD5 authentication failed: authentication failure


And for OS X Mail.app, I see this:

Nov 18 11:47:54 colo2 postfix/smtpd[5306]: warning: SASL authentication failure: Password verification failed
Nov 18 11:47:54 colo2 postfix/smtpd[5306]: warning: x.x.x.x: SASL PLAIN authentication failed: authentication failure


I've confirmed that Postfix/SASL are making a connection to the  
database, but have no other debugging information.  I have no  
problems pulling the hashed password out of the table using the  
sql_select statement and the assigned authentication parameters.   
I've bumped up log_level, but that seems to have no effect.  Here is  
my smtpd.conf file:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain cram-md5 digest-md5
log_level: 5
sql_engine: mysql
sql_verbose: yes
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u'


And here is the MySQL table, with a sample query demonstrating the  
password format.

$ mysql -h 127.0.0.1 -u postfix -p postfix
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1924 to server version: 5.0.24a

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> describe mailbox;
+----------+--------------+------+-----+---------------------+-------+
| Field    | Type         | Null | Key | Default             | Extra |
+----------+--------------+------+-----+---------------------+-------+
| username | varchar(255) | NO   | PRI |                     |       |
| password | varchar(255) | NO   |     |                     |       |
| name     | varchar(255) | NO   |     |                     |       |
| maildir  | varchar(255) | NO   |     |                     |       |
| quota    | int(10)      | NO   |     | -1                  |       |
| domain   | varchar(255) | NO   |     |                     |       |
| created  | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| modified | datetime     | NO   |     | 0000-00-00 00:00:00 |       |
| active   | tinyint(4)   | NO   |     | 1                   |       |
+----------+--------------+------+-----+---------------------+-------+
9 rows in set (0.00 sec)

mysql> select password from mailbox limit 1;
+------------------------------------+
| password                           |
+------------------------------------+
| $1$5fffa3c6$L4.fk2NN25zQR/X8wehsO1 |
+------------------------------------+
1 row in set (0.01 sec)


Any idea why I'm getting these errors?

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
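
Added example, not part of the original post: a sketch of RFC 2195 CRAM-MD5 verification showing what the mechanism needs from the value the password lookup returns. It assumes the server uses the looked-up column value directly as the HMAC key; the function names, username, password and challenge are constructed for illustration, and only the `$1$` string is taken from the query output above.

```python
import hmac
import re

# RFC 2195 CRAM-MD5: the client proves knowledge of the password by returning
# "username HMAC-MD5(key=password, msg=challenge)" with the digest in hex.
def cram_md5_response(username: str, secret: str, challenge: bytes) -> str:
    digest = hmac.new(secret.encode(), challenge, "md5").hexdigest()
    return f"{username} {digest}"

# Server side (assumption: the looked-up value is used as the HMAC key as-is).
def cram_md5_verify(stored_secret: str, challenge: bytes, response: str) -> bool:
    _username, _, client_digest = response.rpartition(" ")
    expected = hmac.new(stored_secret.encode(), challenge, "md5").hexdigest()
    return hmac.compare_digest(expected, client_digest)

# crypt(3)-style values look like $id$salt$hash. They are one-way, so the
# plaintext needed as the HMAC key cannot be recovered from them.
CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$[^$]+\$[./0-9A-Za-z]+$")

def usable_for_challenge_response(stored: str) -> bool:
    return bool(stored) and CRYPT_RE.match(stored) is None

# Constructed sample data, except STORED_HASH, which is the value in the post.
CHALLENGE = b"<1896.697170952@colo2.example>"
USERNAME = "user@example.com"
PASSWORD = "constructed-password"
STORED_HASH = "$1$5fffa3c6$L4.fk2NN25zQR/X8wehsO1"

def demo() -> dict:
    response = cram_md5_response(USERNAME, PASSWORD, CHALLENGE)
    return {
        # Column holds the plaintext: server and client derive the same digest.
        "plaintext_column": cram_md5_verify(PASSWORD, CHALLENGE, response),
        # Column holds an md5-crypt string: it becomes the key, digests differ.
        "crypt_column": cram_md5_verify(STORED_HASH, CHALLENGE, response),
        "hash_usable": usable_for_challenge_response(STORED_HASH),
    }

if __name__ == "__main__":
    print(demo())
```
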




