imapd is not talking to saslauthd

Michael Rüger michael.g.rueger at gmail.com
Tue Jan 30 17:25:44 EST 2018


root at cyrus3:~ # ls -la /var/run/saslauthd/
total 13
drwxr-x---  2 cyrus  saslauth   5 Jan 30 21:40 .
drwxr-xr-x  6 root   wheel     15 Jan 30 21:40 ..
srwxrwxrwx  1 root   saslauth   0 Jan 30 21:40 mux
-rw-------  1 root   saslauth   0 Jan 30 21:40 mux.accept
-rw-------  1 root   saslauth   6 Jan 30 21:40 saslauthd.pid

> Am 30.01.2018 um 23:23 schrieb Ken Murchison <murch at fastmail.com>:
> 
> Hi Michael,
> 
> What are the permissions on the socket that saslauthd is listening on?
> 
> 
> 
> On 01/30/2018 05:06 PM, Michael Rüger wrote:
>> Hi
>> 
>> (btw. i was Guest39278 on IRC yesterday and got the chance to introduce myself on googletalk)
>> 
>> I’m trying to set up imapd to use saslauthd for authentication.
>> 
>> I have already a running saslauthd which uses PAM. I can run this
>> 
>> root at cyrus3:/ # testsaslauthd -u mike -p mike
>> 0: OK "Success.“
>> 
>> and if i run
>> 
>> root at cyrus3:/ # testsaslauthd -u mike -p abc
>> 0: NO "authentication failed“
>> 
>> i get that logged in auth.log like this
>> 
>> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth         : auth failure: [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
>> 
>> In imapd.conf i have
>> 
>> sasl_pwcheck_method: saslauthd
>> 
>> Now i’m authenticate against imapd
>> 
>> root at cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP 3.0.5 server ready
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=18:self signed certificate
>> TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>> S: C01 OK Completed
>> C: A01 AUTHENTICATE SCRAM-SHA-1 bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
>> S: A01 NO authentication failure
>> Authentication failed. generic failure
>> Security strength factor: 256
>> 
>> Nothing is reported in auth.conf
>> 
>> If i do this
>> 
>> root at cyrus3:~ # saslpasswd2 -c mike at cyrus3.intern.rueger.me <mailto:mike at cyrus3.intern.rueger.me>
>> …<entering „mike“ twice here>
>> root at cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP 3.0.5 server ready
>> C: S01 STARTTLS
>>>> Authenticated.
>> Security strength factor: 256
>> 
>> it is working against local db BUT NOT against saslauthd.
>> 
>> How do i setup imapd to talk to saslauthd?
>> 
>> BTW i’m using
>> * cyrus-imapd30-3.0.5
>> * cyrus-sasl-2.1.26_13
>> * cyrus-sasl-saslauthd-2.1.26_3
>> on FreeBSD 11.1
>> 
>> Thank you for any help,
>> Mike
>> 
> 
> --
> Ken Murchison
> Cyrus Development Team
> FastMail US LLC
> <murch.vcf>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180130/d16df2c4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180130/d16df2c4/attachment.sig>


More information about the Cyrus-sasl mailing list