imapd is not talking to saslauthd

Ken Murchison murch at fastmail.com
Tue Jan 30 17:23:20 EST 2018


Hi Michael,

What are the permissions on the socket that saslauthd is listening on?



On 01/30/2018 05:06 PM, Michael Rüger wrote:
> Hi
>
> (btw. I was Guest39278 on IRC yesterday and got the chance to 
> introduce myself on googletalk)
>
> I’m trying to set up imapd to use saslauthd for authentication.
>
> I already have a running saslauthd which uses PAM. I can run this
>
> root@cyrus3:/ # testsaslauthd -u mike -p mike
> 0: OK "Success."
>
> and if I run
>
> root@cyrus3:/ # testsaslauthd -u mike -p abc
> 0: NO "authentication failed"
>
> I get that logged in auth.log like this
>
> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth         : auth 
> failure: [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM 
> auth error]
>
> In imapd.conf I have
>
> sasl_pwcheck_method: saslauthd
>
> Now I’m authenticating against imapd
>
> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS 
> LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM 
> SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1.2 with cipher 
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT 
> SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT 
> THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 
> METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN 
> QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE 
> DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 
> AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR 
> COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE 
> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
> S: C01 OK Completed
> C: A01 AUTHENTICATE SCRAM-SHA-1 
> bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
> S: A01 NO authentication failure
> Authentication failed. generic failure
> Security strength factor: 256
>
> Nothing is reported in auth.conf
>
> If I do this
>
> root@cyrus3:~ # saslpasswd2 -c mike@cyrus3.intern.rueger.me
> …<entering „mike“ twice here>
> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS 
> LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM 
> SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
> C: S01 STARTTLS
>> Authenticated.
> Security strength factor: 256
>
> it is working against local db BUT NOT against saslauthd.
>
> How do I set up imapd to talk to saslauthd?
>
> BTW I’m using
> * cyrus-imapd30-3.0.5
> * cyrus-sasl-2.1.26_13
> * cyrus-sasl-saslauthd-2.1.26_3
> on FreeBSD 11.1
>
> Thank you for any help,
> Mike
>

-- 
Ken Murchison
Cyrus Development Team
FastMail US LLC
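
Added example, not part of the original thread and not Cyrus project code: a Python check for the question above, whether the account imapd runs as can reach the saslauthd socket through every parent directory. The socket path `/var/run/saslauthd/mux` and the account name `cyrus` are assumptions to replace with the values from your install; only classic mode bits are evaluated, not ACLs or MAC policies.

```python
import os
import pwd
import stat

SOCKET = "/var/run/saslauthd/mux"  # assumed path, not given in the thread
USER = "cyrus"                     # assumed account that runs imapd


def allowed(st, uid, gids, want):
    """Classic Unix mode-bit test for one permission bit (1 = x, 2 = w)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group triplet
    else:
        bits = st.st_mode           # other triplet
    return bits & want == want


def check_socket_access(sock_path, uid, gids):
    """Return [(path, reason)] for everything that blocks uid/gids from connecting."""
    sock_path = os.path.abspath(sock_path)
    problems, dirs, d = [], [], os.path.dirname(sock_path)
    while d not in dirs:            # collect parent directories up to the root
        dirs.append(d)
        d = os.path.dirname(d)
    for p in dirs[::-1] + [sock_path]:
        try:
            st = os.stat(p)
        except OSError as exc:
            return problems + [(p, "cannot stat: " + str(exc.strerror))]
        mode = stat.filemode(st.st_mode)
        if p != sock_path:
            if not allowed(st, uid, gids, 0o1):   # directories need search (x)
                problems.append((p, "no search permission, mode " + mode))
        elif not stat.S_ISSOCK(st.st_mode):
            problems.append((p, "exists but is not a socket"))
        elif not allowed(st, uid, gids, 0o2):     # connect() needs write on the socket
            problems.append((p, "no write permission, mode " + mode))
    return problems


if __name__ == "__main__":
    pw = pwd.getpwnam(USER)
    gids = set(os.getgrouplist(USER, pw.pw_gid))
    for path, reason in check_socket_access(SOCKET, pw.pw_uid, gids) or [(SOCKET, "reachable")]:
        print(path + ": " + reason)
```

Run it as root so every directory on the path can be inspected.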
