imapd is not talking to saslauthd
Michael Rüger
michael.g.rueger at gmail.com
Tue Jan 30 17:34:05 EST 2018
Ken, thank you for jumping in!
Some more info: the apps run as the following users and groups
root@cyrus3:~ # ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 88686 0.0 0.0 10500 2044 - SsJ 21:40 0:00.02 /usr/sbin/syslogd -s
root 88717 0.0 0.1 43928 4360 - IsJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88718 0.0 0.1 43928 4360 - IJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88720 0.0 0.1 43928 4276 - IJ 21:40 0:00.00 /usr/local/sbin/saslauthd -a pam
root 88721 0.0 0.1 43928 4360 - IJ 21:40 0:00.01 /usr/local/sbin/saslauthd -a pam
root 88722 0.0 0.1 43928 4276 - IJ 21:40 0:00.00 /usr/local/sbin/saslauthd -a pam
cyrus 88724 0.0 0.1 65504 5884 - SsJ 21:40 0:00.07 /usr/local/cyrus/libexec/master -d
root@cyrus3:~ # su - cyrus
% id
uid=60(cyrus) gid=60(cyrus) groups=60(cyrus),1003(saslauth)
> On 30.01.2018 at 23:25, Michael Rüger <michael.g.rueger at gmail.com> wrote:
>
> root@cyrus3:~ # ls -la /var/run/saslauthd/
> total 13
> drwxr-x--- 2 cyrus saslauth 5 Jan 30 21:40 .
> drwxr-xr-x 6 root wheel 15 Jan 30 21:40 ..
> srwxrwxrwx 1 root saslauth 0 Jan 30 21:40 mux
> -rw------- 1 root saslauth 0 Jan 30 21:40 mux.accept
> -rw------- 1 root saslauth 6 Jan 30 21:40 saslauthd.pid
>
>> On 30.01.2018 at 23:23, Ken Murchison <murch at fastmail.com> wrote:
>>
>> Hi Michael,
>>
>> What are the permissions on the socket that saslauthd is listening on?
>>
>>
>>
>> On 01/30/2018 05:06 PM, Michael Rüger wrote:
>>> Hi
>>>
>>> (btw. I was Guest39278 on IRC yesterday and got the chance to introduce myself on googletalk)
>>>
>>> I’m trying to set up imapd to use saslauthd for authentication.
>>>
>>> I already have a running saslauthd which uses PAM. I can run this
>>>
>>> root@cyrus3:/ # testsaslauthd -u mike -p mike
>>> 0: OK "Success."
>>>
>>> and if I run
>>>
>>> root@cyrus3:/ # testsaslauthd -u mike -p abc
>>> 0: NO "authentication failed"
>>>
>>> I get that logged in auth.log like this
>>>
>>> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure: [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
>>>
>>> In imapd.conf I have
>>>
>>> sasl_pwcheck_method: saslauthd
>>>
>>> Now I authenticate against imapd
>>>
>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
>>> C: S01 STARTTLS
>>> S: S01 OK Begin TLS negotiation now
>>> verify error:num=18:self signed certificate
>>> TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>>> C: C01 CAPABILITY
>>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>>> S: C01 OK Completed
>>> C: A01 AUTHENTICATE SCRAM-SHA-1 bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
>>> S: A01 NO authentication failure
>>> Authentication failed. generic failure
>>> Security strength factor: 256
>>>
>>> Nothing is reported in auth.conf
>>>
>>> If I do this
>>>
>>> root@cyrus3:~ # saslpasswd2 -c mike@cyrus3.intern.rueger.me
>>> …<entering „mike“ twice here>
>>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me Cyrus IMAP 3.0.5 server ready
>>> C: S01 STARTTLS
>>> …
>>> Authenticated.
>>> Security strength factor: 256
>>>
>>> it is working against local db BUT NOT against saslauthd.
>>>
>>> How do I set up imapd to talk to saslauthd?
>>>
>>> BTW I’m using
>>> * cyrus-imapd30-3.0.5
>>> * cyrus-sasl-2.1.26_13
>>> * cyrus-sasl-saslauthd-2.1.26_3
>>> on FreeBSD 11.1
>>>
>>> Thank you for any help,
>>> Mike
>>>
>>
>> --
>> Ken Murchison
>> Cyrus Development Team
>> FastMail US LLC
>