auth problems, cyrus not using my saslauthd/pam config
Steve Maring
steve.maring at gmail.com
Wed May 26 11:39:13 EDT 2010
I am on an Ubuntu 10.04 system with Cyrus 2.2.13 trying to get my imap
user's to auth again my mysql database.
I can do this:
# testsaslauthd -u smaring at rhythix.com -p xxxxxxxx -f
/var/spool/postfix/var/run/saslauthd/mux -s imap
0: OK "Success."
However, I never seem to be able to step up one level and authenticate
through imap:
# cyradm --user smaring at rhythix.com localhost
IMAP Password:
Login failed: generic failure at
/usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
cyradm: cannot authenticate to server as smaring at rhythix.com
or
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK server Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
01 LOGIN smaring at rhythix.com xxxxxxxx
01 NO Login failed: generic failure
when I try to authenticate through imap I never see an auth attempt
show up in /var/log/auth.log and I see this in syslog:
May 26 11:32:31 server cyrus/imap[2218]: accepted connection
May 26 11:32:47 server cyrus/imap[2218]: badlogin: localhost
[127.0.0.1] plaintext smaring at rhythix.com SASL(-1): generic failure:
checkpass failed
May 26 11:34:02 server cyrus/master[1133]: process 2218 exited, status 0
my /etc/imapd.conf:
configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
admins: smaring at rhythix.com
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
loginrealms: rhythix.com
virtdomains: userid
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_cert_file: /etc/ssl/certs/smtpd.crt
tls_key_file: /etc/ssl/private/smtpd.key
tls_ca_file: /etc/ssl/certs/cacert.pem
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus
my /etc/cyrusd.conf:
START {
recover cmd="/usr/sbin/ctl_cyrusdb -r"
delprune cmd="/usr/sbin/cyr_expire -E 3"
tlsprune cmd="/usr/sbin/tls_prune"
}
SERVICES {
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0
maxchild=100
lmtpunix cmd="lmtpd"
listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
sieve cmd="timsieved" listen="localhost:sieve"
prefork=0 maxchild=100
notify cmd="notifyd"
listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
}
EVENTS {
checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401
tlsprune cmd="/usr/sbin/tls_prune" at=0401
}
my /etc/pam.d/imap has only:
auth sufficient pam_mysql.so ...
account required pam_mysql.so ...
my /etc/default/saslauthd:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
Many thanks for any thoughts,
Steve Maring
Tampa, FL
More information about the Cyrus-sasl
mailing list