auth problems, cyrus not using my saslauthd/pam config

Steve Maring steve.maring at gmail.com
Wed May 26 11:39:13 EDT 2010


I am on an Ubuntu 10.04 system with Cyrus 2.2.13 trying to get my imap
users to auth against my mysql database.

I can do this:

# testsaslauthd -u smaring at rhythix.com -p xxxxxxxx -f /var/spool/postfix/var/run/saslauthd/mux -s imap
0: OK "Success."

However, I never seem to be able to step up one level and authenticate
through imap:

# cyradm --user smaring at rhythix.com localhost
IMAP Password:
              Login failed: generic failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
cyradm: cannot authenticate to server as smaring at rhythix.com

or

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK server Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
01 LOGIN smaring at rhythix.com xxxxxxxx
01 NO Login failed: generic failure


When I try to authenticate through imap, I never see an auth attempt
show up in /var/log/auth.log, and I see this in syslog:

May 26 11:32:31 server cyrus/imap[2218]: accepted connection
May 26 11:32:47 server cyrus/imap[2218]: badlogin: localhost [127.0.0.1] plaintext smaring at rhythix.com SASL(-1): generic failure: checkpass failed
May 26 11:34:02 server cyrus/master[1133]: process 2218 exited, status 0


my /etc/imapd.conf:

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
admins: smaring at rhythix.com
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
loginrealms: rhythix.com
virtdomains: userid
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_cert_file: /etc/ssl/certs/smtpd.crt
tls_key_file: /etc/ssl/private/smtpd.key
tls_ca_file: /etc/ssl/certs/cacert.pem
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

my /etc/cyrusd.conf:

START {
        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
        delprune        cmd="/usr/sbin/cyr_expire -E 3"
        tlsprune        cmd="/usr/sbin/tls_prune"
}
SERVICES {
        imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
        lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
        sieve           cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
}

EVENTS {
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401
        tlsprune        cmd="/usr/sbin/tls_prune" at=0401
}

my /etc/pam.d/imap has only:

auth sufficient pam_mysql.so ...
account required pam_mysql.so ...

my /etc/default/saslauthd:

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"


Many thanks for any thoughts,
Steve Maring
Tampa, FL
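
The post shows testsaslauthd succeeding when it is pointed at the socket with -f, while the imapd login fails without any attempt reaching auth.log, so one thing worth checking is whether both sides use the same saslauthd socket. The following is an added example, not part of the original post: it compares the socket derived from saslauthd's -m option with the one imapd would use. It assumes the SASL option sasl_saslauthd_path in imapd.conf and, when that is unset, a default of /var/run/saslauthd/mux (an assumption; the compiled-in default depends on the build).

```python
import shlex

# Assumed default when imapd.conf sets no sasl_saslauthd_path; build-dependent.
DEFAULT_MUX = "/var/run/saslauthd/mux"

# Constructed samples: the relevant lines from the two files quoted in the post.
IMAPD_CONF = """\
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd
"""
SASLAUTHD_DEFAULTS = """\
MECHANISMS="pam"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"
"""


def imapd_options(text):
    """Parse 'key: value' lines of imapd.conf, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts


def saslauthd_socket(text):
    """Socket saslauthd listens on: '<dir>/mux' for the directory given to -m."""
    for line in text.splitlines():
        if line.strip().startswith("OPTIONS="):
            args = shlex.split(line.split("=", 1)[1].strip().strip("\"'"))
            if "-m" in args[:-1]:
                return args[args.index("-m") + 1].rstrip("/") + "/mux"
    return DEFAULT_MUX


def compare_sockets(imapd_text, saslauthd_text):
    """Report which socket each side uses and whether they agree."""
    opts = imapd_options(imapd_text)
    client = opts.get("sasl_saslauthd_path", DEFAULT_MUX)
    server = saslauthd_socket(saslauthd_text)
    return {"imapd": client, "saslauthd": server, "match": client == server}


if __name__ == "__main__":
    print(compare_sockets(IMAPD_CONF, SASLAUTHD_DEFAULTS))
```

If the paths differ, the socket directory's ownership and mode are the next thing to look at, since the cyrus user also needs to reach the socket.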