No SQL module found

Andreas Winkelmann ml at awinkelmann.de
Mon Oct 22 14:25:44 EDT 2007


On Montag, 22. Oktober 2007, Florian Lindner wrote:

> Hello,
> I try to use cyrus-sasl with postfix on a Debian etch (stable) system. I
> want SASL to authenticate against a MySQL database (without saslauthd). I
> have installed the libsasl2-2 [1] and the SQL modules.
> The output from saslpluginviewer is below. There is no SQL plugin listed.
> My /etc/postfix/sasl/smtpd.conf looks like that:
>
> osiris:~# cat /etc/postfix/sasl/smtpd.conf
> log_level: 3

In the case of Postfix log_level is senseless.

> pwcheck_method: auxprop
> auxprop_plugin: sql
>
> allowanonymouslogin: no
> allowplaintext: yes

These both are no cyrus-sasl Options.

> sql_engine: mysql
> sql_hostnames: localhost
> sql_user: system
> sql_passwd: pwd
> sql_database: system
> sql_select: SELECT password FROM mailboxes WHERE login = '%u@%r'
>
> What is wrong here?
>
> Thanks,
>
> Florian
>
> [1] http://packages.debian.org/etch/libsasl2-2
> [2] http://packages.debian.org/etch/libsasl2-modules-sql
>
> osiris:~# saslpluginviewer
> Installed SASL (server side) mechanisms are:
> PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS EXTERNAL
> List of server plugins follows
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "ntlm" [loaded],         API version: 4
>         SASL mechanism: NTLM, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features:
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Installed auxprop mechanisms are:
> sasldb
> List of auxprop plugins follows
> Plugin "sasldb" ,       API version: 4
>         supports store: yes

Ok, show the contents of "/usr/lib/sasl2/".

> Installed SASL (client side) mechanisms are:
> PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS EXTERNAL
> List of client plugins follows
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "ntlm" [loaded],         API version: 4
>         SASL mechanism: NTLM, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: SERVER_FIRST
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "EXTERNAL" [loaded],     API version: 4
>         SASL mechanism: EXTERNAL, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION

What does your mail-log say? Turn on verbose-logging in Postfix (smtpd -vvv) 
in master.cf then everything sasl-related should be logged.

-- 
	Andreas


More information about the Cyrus-sasl mailing list