saslpasswd2: could not find auxprop plugin

Dan White dwhite at olp.net
Wed Jan 14 10:11:33 EST 2009


Simone Romano wrote:
> Hi to all,
>
> I'm trying to install a mail server using the following guide:
> www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/
>
> The installation seems to work. But now when I try to add new user and
> create the sasldb2 DB with saslpasswd2 -c user command in my
> /var/log/messages I found the following output:
>
> Jan 14 14:37:11 ms saslpasswd2: could not find auxprop plugin, was
> searching for [all]
> Jan 14 14:37:11 ms saslpasswd2: secret not changed for cyrus: no
> writable auxprop plugin or setpass callback found
> Jan 14 14:37:11 ms saslpasswd2: could not find auxprop plugin, was
> searching for [all]
>
> And the /etc/saldb2 was not created
>
> I searched a solution by Google but I didn't find how to fix this error
> Can anyone help me?
>
> Thanks in advance
> Simo
>   

Simone,

After looking through that document, I see the following SASL config tips:

In /usr/local/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd

and in /etc/imapd.conf:
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd

/etc/imapd-local.conf:
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd

saslauthd is started like:
/usr/local/sbin/saslauthd -c -a pam&

and PAM is configured to use mysql - in /etc/pam.d/imap:
auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
auth sufficient pam_unix_auth.so
account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
account  sufficient       pam_unix_acct.so

And then later it encourages you to:

"To add the Cyrus user to the sasldb use the command:
saslpasswd2 -c cyrus
Password: (enter your passwd)
Again (for verification): (enter your password)"

and then the next step is to create other users using a MySQL client utility.


The problem is that there's a step missing somewhere before the 'saslpasswd2' command, which doesn't make a lot of sense given the bigger picture.

Probably your easiest fix is just to use the MySQL client to create the 'cyrus' user, rather than using saslpasswd2.

If you really wish to create users with saslpasswd2 then you'll need to create a saslpasswd2.conf config for SASL, to give it hints on how to store users.

For example, place the following in /usr/lib/sasl2/saslpasswd2.conf:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_user: mail
sql_passwd: <the mysql user mail’s password>
sql_hostnames: <the mysqld hostname>
sql_database: mail
sql_select: SELECT password FROM accountuser WHERE username = '%u@%r' OR (username ='%u' AND domain_name = '')



SASL config options are documented in the /doc/options.html file within the SASL source.

I found the above config at http://www.qwik.net/howto/howto.pdf
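
A small lint for the saslpasswd2.conf shown above, as an added example that is not part of the original post or of Cyrus SASL: it flags options from that config that are missing, `<...>` placeholders left unfilled, typographic quotes picked up when copying from a PDF, and wrapped lines. The function names and the sample text are constructed for illustration, and it assumes the plain `key: value` layout used in the post.

```python
import re

# Options the example saslpasswd2.conf in the post sets for the sql auxprop plugin.
REQUIRED = ("pwcheck_method", "auxprop_plugin", "sql_engine", "sql_user",
            "sql_passwd", "sql_hostnames", "sql_database", "sql_select")
SMART_QUOTES = re.compile("[\u2018\u2019\u201c\u201d]")

def parse_conf(text):
    """Split 'key: value' lines into a dict; collect lines that do not parse."""
    opts, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_-]+):\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2)
        else:
            problems.append(f"line {n}: not 'key: value' (wrapped value?)")
    return opts, problems

def check_conf(text):
    """Return a list of problems; an empty list means the lint passed."""
    opts, problems = parse_conf(text)
    problems += [f"{k}: missing" for k in REQUIRED if k not in opts]
    if "auxprop" not in opts.get("pwcheck_method", "").split():
        problems.append("pwcheck_method: auxprop not listed")
    for key, val in opts.items():
        if SMART_QUOTES.search(val):
            problems.append(f"{key}: typographic quote, use ASCII quotes")
        if re.fullmatch(r"<.*>", val):
            problems.append(f"{key}: placeholder not filled in")
    return problems

# Constructed sample: the config as it looks when copied from a PDF and wrapped.
PASTED = """pwcheck_method: saslauthd
auxprop_plugin: sql
sql_engine: mysql
sql_user: mail
sql_passwd: <the mysql user mail's password>
sql_hostnames: localhost
sql_database: mail
sql_select: SELECT password FROM accountuser WHERE username = \u2019%u@%r\u2019
      OR (username =\u2019%u\u2019 AND domain_name = \u2019\u2019)
"""

if __name__ == "__main__":
    for problem in check_conf(PASTED):
        print(problem)
```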


