Re: Re: Issues under FreeBSD 8.0
Jean-Marie Postel
postel at mac.com
Thu Dec 3 02:15:19 EST 2009
Please take me out of your mailing list !!!!!!!
Thanks
On Thursday, December 3, 2009 at 07:37AM, "Dan White" <dwhite at olp.net> wrote:
>On 02/12/09 15:17 -0800, Corey Chandler wrote:
>> Dan White wrote:
>>> On 02/12/09 10:03 -0800, Corey Chandler wrote:
>>>> I recently upgraded from FreeBSD 7.2 to 8.0. This resulted in a
>>>> strange error with authdaemond when used in conjunction with
>>>> postfix; I've rebuilt all of the packages, but the config they're
>>>> using has worked since the 6.0 days.
>>>>
>>>> I attempt to send a message using SASL and get the following in my
>>>> logs (passwords and hashes have been consistently redacted; nothing
>>>> else has been altered):
>>>>
>>>> -- content of /usr/local/lib/sasl2/smtpd.conf --
>>>> pwcheck_method: authdaemond
>>>> log_level: 7
>>>> mech_list: PLAIN LOGIN
>>>> authdaemond_path: /var/run/authdaemond/socket
>>>
>> Bloody hell, thought they were in the same logfile; my apologies. The
>> issue is that while IMAP works correctly authenticating against
>> authdaemond, any attempt I make to authenticate via SASL fails according
>> to postfix, yet succeeds according to authdaemond.
>>
>> As to logs, here you go:
>>
>> Dec 2 15:10:03 alcatraz postfix/smtpd[16120]: warning: where.i.sit:
>> address not listed for hostname HOSTNAME
>> Dec 2 15:10:03 alcatraz postfix/smtpd[16120]: connect from
>> unknown[where.i.sit]
>> Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL
>> authentication failure: could not verify password
>> Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL
>> authentication failure: Password verification failed
>> Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning:
>> unknown[where.i.sit]: SASL PLAIN authentication failed: generic failure
>> Dec 2 15:10:06 alcatraz authdaemond: Authenticated: sysusername=<null>,
>> sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/,
>> address=jay at sequestered.net, fullname=Jay Chandler,
>> maildir=sequestered.net/jay at sequestered.net/, quota=1024000000S,
>> options=<null>
>> Dec 2 15:10:06 alcatraz authdaemond: Authenticated:
>> clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
>> Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL
>> authentication failure: could not verify password
>> Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning:
>> unknown[where.i.sit]: SASL LOGIN authentication failed: generic failure
>> Dec 2 15:10:06 alcatraz authdaemond: Authenticated: sysusername=<null>,
>> sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/,
>> address=jay at sequestered.net, fullname=Jay Chandler,
>> maildir=sequestered.net/jay at sequestered.net/, quota=1024000000S,
>> options=<null>
>> Dec 2 15:10:06 alcatraz authdaemond: Authenticated:
>> clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
>
>Per cyrus sasl source in lib/pwcheck.c, function authdaemon_build_query,
>the following gets sent to authdaemond:
>
>AUTH <size>
><service>
>login
><user>
><password>
>
>e.g.
>
>AUTH 33
>smtp
>login
>dwhite at olp.net
>secret
>
>And expects to get a response which includes a line of 'FAIL\n' or '.\n'
>(success). See function authdaemon_talk. e.g.:
>
>USERNAME=dwhite at olp.net
>GID=1001
>HOME=/home/dwhite at olp.net
>ADDRESS=dwhite at olp.net
>NAME=
>PASSWD=$1xxxxxxxxxxxx
>PASSWD2=secret
>.
>
>I was able to successfully test authentication on my Debian system, using
>the following versions:
>
>courier-authdaemon 0.62.4-1
>libsasl2-2 2.1.23.dfsg1-2
>postfix 2.5.5-1.1
>
>with an authdaemond configuration of:
>
>authmodulelist="authpam"
>authmodulelistorig="authuserdb authpam authpgsql authldap authmysql
>authcustom authpipe"
>daemons=5
>authdaemonvar=/var/run/courier/authdaemon
>DEBUG_LOGIN=2
>DEFAULTOPTIONS=""
>LOGGEROPTS=""
>
>and a postfix smtpd.conf (sasl) config of:
>pwcheck_method: authdaemond
>log_level: 7
>mech_list: PLAIN LOGIN
>authdaemond_path: /var/run/courier/authdaemon/socket
>
>
>Perhaps there's a code change within authdaemon or a config change that is
>confusing the sasl library. I'm pasting a couple of perl scripts that might
>help you troubleshoot your setup.
>
>This script opens a unix domain socket and simply prints out whatever it
>receives:
>
>
>
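>#!/usr/bin/perl
># Listen on a unix domain socket and print whatever clients send.
>use strict; $|++;
>use IO::Socket;
>
>my $socketfile = $ARGV[0] or die "usage: $0 <socketfile>\n";
>
>unlink $socketfile;
>my $server = IO::Socket::UNIX->new(Local  => $socketfile,
>                                   Type   => SOCK_STREAM,
>                                   Listen => 32 ) or die $!;
>$server->autoflush(1);
>$SIG{CHLD} = 'IGNORE'; # reap finished children automatically
>while ( my $connection = $server->accept() ) {
>    my $pid = fork();
>    die "fork failed: $!" unless defined $pid;
>    if ($pid == 0) { # child
>        while (<$connection>) {
>            print $_;
>        }
>        exit 0; # do not fall back into the accept loop
>    }
>    close $connection; # parent: the child owns this connection
>}
># Adapted from a script found at
># http://www.rexroof.com/blog/2005/09/unix-domain-sockets-in-perl.php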
>
>
>You could run on a specified socket file (such as /tmp/mysocket), and then
>point authdaemond_path to it within Postfix to see what it's sending to
>authdaemond.
>
>This script opens a client unix domain connection to a specified socket,
>and should allow you to speak directly to authdaemond and see what it is
>returning:
>
>
>
>#!/usr/bin/perl
># Relay stdin to a unix domain socket and print whatever comes back.
>use strict;
>use IO::Socket; # new in 5.004
>
>my $socket = shift || '/tmp/catsock';
>my $handle = IO::Socket::UNIX->new($socket)
>    || die "can't connect to $socket: $!";
>$handle->autoflush(1);
>my $pid = fork();
>die "can't fork: $!" unless defined $pid; # undef means failure
>if ($pid) {
>    select($handle);
>    print while <STDIN>; # everything from stdin to socket
>} else {
>    print while <$handle>; # everything from socket to stdout
>}
>close $handle;
>exit;
># Adapted from a script found at
># http://www.perlmonks.org/?node=Can%20I%20use%20perl%20to%20run%20a%20telnet%20or%20ftp%20session%3F
>
>
>--
>Dan White
>
>
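
Added example, not part of the original thread and not Cyrus SASL or Courier code: a small Python client for the authdaemond exchange described in the quoted reply above (the "AUTH <size>" query and the reply that ends in a "FAIL" or "." line). The function names are this example's own, and the size rule (byte length of the four lines after the AUTH line) is an assumption inferred from the "AUTH 33" sample; the hash and cleartext password fields are masked before anything is printed.

```python
import socket
import sys

SECRET_KEYS = {"PASSWD", "PASSWD2"}  # hash and cleartext password fields

def build_query(service, user, password, authtype="login"):
    """AUTH <size>, where size is the byte length of the four lines after it."""
    payload = f"{service}\n{authtype}\n{user}\n{password}\n".encode()
    return b"AUTH %d\n" % len(payload) + payload

def parse_reply(data):
    """Return (ok, attrs); ok is None until a '.' or 'FAIL' line is complete."""
    attrs = {}
    for raw in data.split(b"\n")[:-1]:  # drop the unterminated tail
        line = raw.decode(errors="replace")
        if line == ".":
            return True, attrs
        if line == "FAIL":
            return False, attrs
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return None, attrs

def redact(attrs):
    """Copy of attrs that is safe to print or paste into a list post."""
    return {k: "<redacted>" if k in SECRET_KEYS else v for k, v in attrs.items()}

def authenticate(path, service, user, password, timeout=5.0):
    """Send one query to the authdaemond socket at `path` and read the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(build_query(service, user, password))
        buf = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:  # daemon closed without a verdict line
                return parse_reply(buf)
            buf += chunk
            ok, attrs = parse_reply(buf)
            if ok is not None:
                return ok, attrs

if __name__ == "__main__":
    # usage: script.py SOCKET SERVICE USER  (password read from stdin, not argv)
    path, service, user = sys.argv[1:4]
    ok, attrs = authenticate(path, service, user, sys.stdin.readline().rstrip("\n"))
    print({True: "OK", False: "FAIL", None: "NO VERDICT"}[ok], redact(attrs))
```

Run against the real socket, an OK here combined with a Postfix "generic failure" points at how the SASL library reads the reply rather than at authdaemond itself.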