Can't get pgsql backend to work. What am I doing wrong?

Chris St Denis chris at smartt.com
Tue May 13 18:39:45 EDT 2008


I am trying to get SASL to work authenticated to a postgresql database
for SMTP auth with postfix. But sasl is being very uncooperative.

Basic system info

    barium# uname -mrs
    FreeBSD 7.0-RELEASE-p1 amd64

    cyrus-sasl version: 2.1.22
    postfix version: 2.5.1

One of my biggest problems is I can't find any documentation of the
smtpd.conf file, but from what I've pieced together from tutorials and
such I've got this.

    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: pgsql
    allowanonymouslogin: no
    allowplaintext: yes
    mech_list: LOGIN PLAIN
    password_format: plaintext
    sql_user: mail
    sql_passwd:
    sql_hostnames: localhost
    sql_database: mail
    sql_select: SELECT pass FROM emails_view WHERE email = '%u@%r'
    log_level: 7
    sql_verbose: true

If I use saslpasswd2 on an account like I get "generic failure". Does 
saslpasswd2 even work on sql or is it sasldb only?

    barium# saslpasswd2 -a smtpd jeann at darkadsl.ca
    saslpasswd2: generic failure

If I run "pluginviewer -a" it only lists sasldb. Shouldn't SQL be in here?

    barium# pluginviewer -a
    Installed auxprop mechanisms are:
    sasldb
    List of auxprop plugins follows
    Plugin "sasldb" ,       API version: 4
            supports store: yes


    barium# pluginviewer -s
    Installed SASL (server side) mechanisms are:
    LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
    List of server plugins follows
    Plugin "login" [loaded],        API version: 4
            SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
            security flags: NO_ANONYMOUS
            features:
    Plugin "anonymous" [loaded],    API version: 4
            SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
            security flags: NO_PLAINTEXT
            features: WANT_CLIENT_FIRST
    Plugin "plain" [loaded],        API version: 4
            SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
            security flags: NO_ANONYMOUS
            features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
    Plugin "gssapiv2" [loaded],     API version: 4
            SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
            security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
            features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
    Plugin "digestmd5" [loaded],    API version: 4
            SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
            security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
            features: PROXY_AUTHENTICATION
    Plugin "crammd5" [loaded],      API version: 4
            SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
            security flags: NO_ANONYMOUS|NO_PLAINTEXT
            features: SERVER_FIRST


Configure line

    './configure' --prefix=/usr/local  '--sysconfdir=/usr/local/etc'
    '--with-configdir=/usr/local/lib/sasl2:/usr/local/etc/sasl2'
    '--with-plugindir=/usr/local/lib/sasl2'
    '--with-dbpath=/usr/local/etc/sasldb2'
    '--includedir=/usr/local/include' '--enable-static'
    '--enable-auth-sasldb' '--with-rc4=openssl'
    '--with-saslauthd=/var/run/saslauthd' '--with-dblib=berkeley'
    '--with-bdb-libdir=/usr/local/lib'
    '--with-bdb-incdir=/usr/local/include/db41' '--with-bdb=db41'
    '--enable-sql' '--without-mysql' '--with-pgsql=/usr/local'
    '--without-sqlite' '--enable-alwaystrue' '--with-authdaemond=no'
    '--enable-login' '--disable-otp' '--disable-ntlm' '--enable-gssapi'
    '--disable-krb4' '--with-openssl=yes' '--prefix=/usr/local'
    '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
    'amd64-portbld-freebsd7.0' 'CC=cc' 'CFLAGS=-O -pipe -march=nocona'
    'CPPFLAGS=-fPIC -I/usr/local/include' 'LDFLAGS=
    -rpath=/usr/lib:/usr/local/lib -L/usr/local/lib'
    'build_alias=amd64-portbld-freebsd7.0'
    'host_alias=amd64-portbld-freebsd7.0'
    'target_alias=amd64-portbld-freebsd7.0'
    --cache-file=.././config.cache --srcdir=.

I don't see any errors related to sql in the configure, all I get is

    checking SQL... enabled

And the SQL module seems to get compiled ok.

    if /bin/sh /usr/local/bin/libtool --mode=compile cc -DHAVE_CONFIG_H
    -I. -I. -I..  -I../include -I../lib -I../sasldb -I../include  -fPIC
    -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL
    -I/usr/local/include  -Wall -W -O -pipe -march=nocona -MT sql.lo -MD
    -MP -MF ".deps/sql.Tpo"  -c -o sql.lo `test -f 'sql.c' || echo
    './'`sql.c;  then mv ".deps/sql.Tpo" ".deps/sql.Plo";  else rm -f
    ".deps/sql.Tpo"; exit 1;  fi
     cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
    -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
    -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona
    -MT sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c  -fPIC -DPIC -o
    .libs/sql.o
    sql.c: In function 'sql_auxprop_plug_init':
    sql.c:1077: warning: unused parameter 'plugname'
     cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
    -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
    -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona
    -MT sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c -o sql.o >/dev/null 2>&1
    if /bin/sh /usr/local/bin/libtool --mode=compile cc -DHAVE_CONFIG_H
    -I. -I. -I..  -I../include -I../lib -I../sasldb -I../include  -fPIC
    -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL
    -I/usr/local/include  -Wall -W -O -pipe -march=nocona -MT
    sql_init.lo -MD -MP -MF ".deps/sql_init.Tpo"  -c -o sql_init.lo
    `test -f 'sql_init.c' || echo './'`sql_init.c;  then mv
    ".deps/sql_init.Tpo" ".deps/sql_init.Plo";  else rm -f
    ".deps/sql_init.Tpo"; exit 1;  fi
     cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
    -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
    -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona
    -MT sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c  -fPIC
    -DPIC -o .libs/sql_init.o
     cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
    -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
    -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona
    -MT sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c -o
    sql_init.o >/dev/null 2>&1
    /bin/sh /usr/local/bin/libtool --mode=link cc  -Wall -W -O -pipe
    -march=nocona  -module -export-dynamic -rpath /usr/local/lib/sasl2
    -rpath=/usr/lib:/usr/local/lib -L/usr/local/lib -o libsql.la  
    -L/usr/local/lib  -R/usr/local/lib -lpq  -version-info 2:22:0 sql.lo
    sql_init.lo plugin_common.lo
    cc -shared  .libs/sql.o .libs/sql_init.o .libs/plugin_common.o 
    -Wl,--rpath -Wl,/usr/local/lib -L/usr/local/lib -lpq  -march=nocona
    -Wl,-soname -Wl,libsql.so.2 -o .libs/libsql.so.2
    (cd .libs && rm -f libsql.so && ln -s libsql.so.2 libsql.so)
    (cd .libs && rm -f libsql.so && ln -s libsql.so.2 libsql.so)
    ar cru .libs/libsql.a  sql.o sql_init.o plugin_common.o
    ranlib .libs/libsql.a
    creating libsql.la
    (cd .libs && rm -f libsql.la && ln -s ../libsql.la libsql.la)
    <snip>
    if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins
    -I../include -I../sasldb   -fPIC -I/usr/local/include
    -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include  -Wall
    -W -O -pipe -march=nocona -MT sql.o -MD -MP -MF ".deps/sql.Tpo"  -c
    -o sql.o `test -f
    '/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c'
    || echo
    './'`/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c; 
    then mv ".deps/sql.Tpo" ".deps/sql.Po";  else rm -f ".deps/sql.Tpo";
    exit 1;  fi
    /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c:
    In function 'sql_auxprop_plug_init':
    /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c:1077:
    warning: unused parameter 'plugname'
    adding static plugins and dependencies
    ar cru .libs/libsasl2.a sasldb.o db_berkeley.o allockey.o cram.o
    digestmd5.o gssapi.o plain.o anonymous.o login.o sql.o

And the files are there

    barium# ll /usr/local/lib/sasl2/*sql*
    -rw-r--r--  1 root  wheel  28568 May 13 10:27 /usr/local/lib/sasl2/libsql.a
    -rwxr-xr-x  1 root  wheel    826 May 13 10:27 /usr/local/lib/sasl2/libsql.la
    lrwxr-xr-x  1 root  wheel     11 May 13 10:27 /usr/local/lib/sasl2/libsql.so -> libsql.so.2
    -rwxr-xr-x  1 root  wheel  27026 May 13 10:27 /usr/local/lib/sasl2/libsql.so.2


For some reason I get some mysql related errors in the syslog like 
these. I'm using postgresql not mysql. It's compiled without mysql.

    May 13 15:05:42 barium pluginviewer: SQL engine 'mysql' not supported
    May 13 15:05:42 barium pluginviewer: auxpropfunc error no mechanism available
    May 13 15:05:46 barium pluginviewer: SQL engine 'mysql' not supported
    May 13 15:05:46 barium pluginviewer: auxpropfunc error no mechanism available
    May 13 15:05:51 barium pluginviewer: SQL engine 'mysql' not supported
    May 13 15:05:51 barium pluginviewer: auxpropfunc error no mechanism available
    May 13 15:17:38 barium server: SQL engine 'mysql' not supported
    May 13 15:17:38 barium server: auxpropfunc error no mechanism available

Other than that, I only get generic errors like

    May 13 15:31:07 barium postfix/smtpd[79672]: warning: SASL per-process initialization failed: generic failure
    May 13 15:31:07 barium postfix/smtpd[79672]: fatal: SASL per-process initialization failed

Using the client/server in "sample"

Client

    barium# ./client -s smtpd -m LOGIN localhost
    receiving capability list... recv: {48}
    LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    send: {5}
    LOGIN
    send: {1}
    N
    recv: {9}
    Username:
    please enter an authentication id: jeann at darkadsl.ca
    Password:
    send: {17}
    jeann at darkadsl.ca
    recv: {9}
    Password:
    send: {6}
    asdfgh
    authentication failed
    closing connection

Server

    accepted new connection
    send: {48}
    LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    recv: {5}
    LOGIN
    recv: {1}
    N
    send: {9}
    Username:
    recv: {17}
    jeann at darkadsl.ca
    send: {9}
    Password:
    recv: {6}
    asdfgh
    performing SASL negotiation: user not foundclosing connection
