pwcheck_method ignored?

Marcelo Licastro marcelo.licastro at gmail.com
Mon Jun 23 18:43:32 EDT 2008


Hi,

I'm struggling to get my SASL config working... It seems that my
"pwcheck_method" is being completely ignored! Although I set it as
"saslauthd", I receive "could not find auxprop plugin, was searching for
'[all]'" im my logs... I even traced Exim's pid and saw that the correct
config file for sasl (/usr/lib64/sasl2/exim.conf) is being used.

Running manually "testsaslauthd" and "imtest" works ok, socket's permission
is all right (/var/run/saslauthd/mux). But using SASL lib from Exim, it
ignores the pwchek_mtehod... If I run saslauthd in debug mode
(/usr/sbin/saslauthd -a pam -m /var/run/saslauthd -d), it logs nothing when
SASL lib is called from Exim. When called by testsaslauthd and imtest,
saslauthd  debug's log show ok.

Exim seems to be calling SASL lib's normally, I'm posting some info below...

Any ideas? I'm running out of them! Thanks,
Mark J

Exim STRACE: [pid 29899] open("/usr/lib64/sasl2/exim.conf", O_RDONLY) = 6

[root at interno log]# cat /usr/lib64/sasl2/exim.conf
pwcheck_method:saslauthd

[root at interno log]# tail /var/log/messages
Jun 20 22:21:04 interno exim: NTLM server step 1
Jun 20 22:21:04 interno exim: client flags: ffffb207
Jun 20 22:21:04 interno exim: NTLM server step 2
Jun 20 22:21:04 interno exim: client user: MXXXXXX
Jun 20 22:21:04 interno exim: client domain: SOFISANT
Jun 20 22:21:04 interno exim: could not find auxprop plugin, was searching
for '[all]'
Jun 20 22:21:04 interno exim: could not find auxprop plugin, was searching
for '[all]'
Jun 20 22:21:04 interno exim: no secret in database


[root at interno log]# testsaslauthd -u mXXXXXX -p YYYYYYY
0: OK "Success."


[root at interno log]# imtest -u mXXXXXX -w YYYYYYY -a mXXXXXX -v -m login
WARNING: no hostname supplied, assuming localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=NTLM SASL-IR]
interno.sofisant.local Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server
ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=NTLM SASL-IR ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
C: L01 LOGIN mXXXXXX {8}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
Authenticated.
Security strength factor: 0

[root at interno log]# /usr/sbin/exim -bd -q1h -d+auth
29857 SMTP>> 250-server.email.interno Hello CPD39 [10.5.4.39]
29857 250-AUTH NTLM
29857 250 HELP
29857 SMTP<< AUTH NTLM
29857 Calling sasl_server_start(NTLM,"")
29857 SMTP>> 334
29857 SMTP<<
TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAFASgKAAAAD0NQRDM5U09GSVNBTlQ=
29857 Calling
sasl_server_step("TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAFASgKAAAAD0NQRDM5U09GSVNBTlQ=")
29857 SMTP>> 334
TlRMTVNTUAACAAAAKAAoADAAAAAFsgIApX9RPvX5/PUAAAAAAAAAAAAAAAAAAAAAUwBFAFIAVgBFAFIALgBFAE0AQQBJAEwALgBJAE4AVABFAFIATgBPAA==
29857 SMTP<<
TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAABAAEABIAAAAEgASAFgAAAAKAAoAagAAAAAAAACkAAAABYIAAgUBKAoAAAAPUwBPAEYASQBTAEEATgBUAE0ATABpAGMAYQBzAHQAcgBvAEMAUABEADMAOQB1Om5nsDBkan3TNtobQJkbfkPltX9HZ9Shwx9PPg0gIPnArowf9HMeKj2/xOi1t5w=
29857 Calling
sasl_server_step("TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAABAAEABIAAAAEgASAFgAAAAKAAoAagAAAAAAAACkAAAABYIAAgUBKAoAAAAPUwBPAEYASQBTAEEATgBUAE0ATABpAGMAYQBzAHQAcgBvAEMAUABEADMAOQB1Om5nsDBkan3TNtobQJkbfkPltX9HZ9Shwx9PPg0gIPnArowf9HMeKj2/xOi1t5w=")
29857 Cyrus SASL permanent failure -20 (user not found)
29857 LOG: REJECT
29857   sasl_auth authenticator (NTLM):
29857   Cyrus SASL permanent failure: user not found
29857 SMTP>> 535 Incorrect authentication data
29857 LOG: MAIN REJECT
29857   sasl_auth authenticator failed for (CPD39) [10.5.4.39]: 535
Incorrect authentication data
29857 SMTP<< AUTH NTLM
29857 host in smtp_accept_max_nonmail_hosts? yes (matched "*")
29857 Calling sasl_server_start(NTLM,"")
29857 SMTP>> 334
29857 SMTP<< *
29857 SMTP>> 501 Authentication cancelled
29857 LOG: MAIN REJECT
29857   sasl_auth authenticator failed for (CPD39) [10.5.4.39]: 501
Authentication cancelled
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20080623/39a537f3/attachment.html 


More information about the Cyrus-sasl mailing list