saslauthd & PAM??

Jeffrey Ross jeff at bubble.org
Fri Nov 25 21:21:47 EST 2011


On 11/25/2011 06:16 PM, jeff at bubble.org wrote:
> John,
>
> It was worth a shot but I just checked, my version of saslauthd was not
> compiled to use sasldb as an authentication method:
>
> # /usr/sbin/saslauthd -v
> saslauthd 2.1.23
> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>
> Thanks,
> Jeff
>
>> Jeff,
>>
>> Perhaps try sasldblistusers2 to check your user database?
>>
>> - John Wright
>> Starfire Research
>>
>> On 11/25/2011 4:28 PM, jeff at bubble.org wrote:
>>> I'm running a Fedora 16 system, recently upgraded from Fedora 15 and I
>>> am
>>> unable to get saslauthd to authenticate users.
>>>
>>> What I have been able to figure out so far is that the parameters are
>>> being passed to saslautd (eg testsaslauthd -u username -p password -s
>>> smtp) but saslauthd appears to simply sit on the request, running a
>>> strace
>>> -f -p xxxx on the saslauthd process I can see my username and password
>>> sitting there but that's it, its just sitting there.
>>>
>>> output from strace:
>>> fcntl(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0,
>>> len=1}{sa_family=AF_FILE, NULL}, [2]) = 7
>>> fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1}) = 0
>>> ) = 0
>>> accept(5, read(7, "\0\4", 2)                      = 2
>>> read(7, "username", 4)                  = 4
>>> read(7, "\0\6", 2)                      = 2
>>> read(7, "passwd", 6)                    = 6
>>> read(7, "\0\4", 2)                      = 2
>>> read(7, "smtp", 4)                      = 4
>>> read(7, "\0\0", 2)                      = 2
>>> read(7,
>>>
>>> I think this means that testsaslauthd is passing the query to saslauthd
>>> correctlybut saslauthd for whatever reason isn't contacting PAM
>>> properly.
>>>
>>> sysconfig/saslauthd:
>>>
>>> SOCKETDIR=/var/run/saslauthd
>>> MECH=pam
>>> FLAGS=
>>>
>>> /etc/pam.d/smtp:
>>>
>>> #%PAM-1.0
>>> auth		include		password-auth
>>> account		include		password-auth
>>>
>>>
>>> selinux is disabled
>>>
>>> I'm probably missing something pretty simple but not sure where to look,
>>> suggestions would be appreciated.
>>>
>>> Thanks, Jeff
>>>
>>>
>>>
It looks like the supplied version of saslauthd on Fedora 16 is simply 
broken, a recompile with 2.1.25 worked with no issues.

Thanks, Jeff


More information about the Cyrus-sasl mailing list