Can't successfully test credentials I just created

Ann Onemouse annonemouse at me.com
Mon Nov 17 14:37:37 EST 2008


Hello.

I am trying to get saslauthd to provide authentication services for  
postfix, and I have a problem which I think is related only to  
saslauthd. I have installed saslauthd 2.1.22-4 from RPM on a CentOS  
5.2 xen virtual server:
===================
# uname -a
Linux myhost.mydomain.com 2.6.24-19-xen #1 SMP Sat Jul 12 00:15:59 UTC 2008 x86_64 x86_64 x86_64 GNU/Linux

# rpm -qi cyrus-sasl
Name        : cyrus-sasl                   Relocations: (not relocatable)
Version     : 2.1.22                            Vendor: CentOS
Release     : 4                             Build Date: Sun Jan  7 07:18:17 2007
...
===================


Then I start it up, and try to create a test user with credentials  
testuser/testpass. I then get a list of the sasldb users, and it seems  
correct. I also verify the location of the password database:
===================
# service saslauthd start
Starting saslauthd:                                        [  OK  ]

# echo "testpass" | saslpasswd2 -c testuser -p

# sasldblistusers2
testuser@myhost.mydomain.com: userPassword

# ls -l /etc/sasldb2
-rw-r----- 1 root postfix 12288 Nov 17 14:14 /etc/sasldb2
===================


So far, so good. At this point, I'd like to test the account I just  
made, so...
===================
# testsaslauthd -u testuser -p testpass
0: NO "authentication failed"

# testsaslauthd -u testuser -r myhost.mydomain.com -p testpass
0: NO "authentication failed"

# testsaslauthd -u testuser@myhost.mydomain.com-p testpass
0: NO "authentication failed"
===================
Huh? What's up with that?


Next, I check to see what methods saslauthd might be using:
===================
# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=
===================

OK -- it's using PAM. I don't really want this, because I don't want  
these email credentials to be associated with a shell account. So I  
check to see what methods are supported by my build...
===================
# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
===================

Which of these methods allows me to authenticate against the
credentials I just created using saslpasswd2? None of them seems to
work. At least, none of them seems to make
"testsaslauthd -u testuser -p testpass" run successfully.   :(

What am I missing here?

Thanks,
- Ann
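
The check walked through in the message above (which mechanism saslauthd is configured to use, and which mechanisms the build supports), as an added example that is not part of the original post. The sample text is constructed from the output quoted in the message, the function names are hypothetical, and `sasldb` is the saslauthd(8) mechanism name for the database that saslpasswd2 writes:

```shell
#!/bin/sh
# Sample inputs constructed from the post; on a live host read
# /etc/sysconfig/saslauthd and the output of `saslauthd -v` instead.
SYSCONFIG_SAMPLE='SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS='
VERSION_SAMPLE='saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap'

# Print the MECH= value from sysconfig-style text: comment lines are
# ignored, the last assignment wins, optional quotes are stripped.
configured_mech() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*MECH=//p' | tail -n 1 | tr -d "\"'"
}

# Print the compiled-in mechanisms, one per line, from `saslauthd -v` text.
compiled_mechs() {
    printf '%s\n' "$1" | sed -n 's/^authentication mechanisms:[[:space:]]*//p' | tr -s ' ' '\n'
}

# Return 0 if mechanism $2 appears in the `saslauthd -v` text $1.
mech_compiled() {
    [ -n "$2" ] && compiled_mechs "$1" | grep -qxF -- "$2"
}

# Report which backend answers testsaslauthd and whether this build
# can check passwords against the sasldb file at all.
diagnose() {
    mech=$(configured_mech "$1")
    if mech_compiled "$2" "$mech"; then
        echo "MECH=$mech is compiled in; testsaslauthd checks passwords against $mech"
    else
        echo "MECH=$mech is not in the compiled mechanism list"
    fi
    if mech_compiled "$2" sasldb; then
        echo "sasldb mechanism is available in this build"
    else
        echo "sasldb mechanism is not available in this build"
    fi
}

diagnose "$SYSCONFIG_SAMPLE" "$VERSION_SAMPLE"
```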





