pwcheck doesn't work after system restart
Mark Keasling
mark at air.co.jp
Thu May 22 00:01:00 EDT 2003
Hi,
I don't see a setting for a password checking method in the imapd.conf.
So it is using what ever the default is. Could be though that Cyrus 1.5
does not have a setting. Check the imapd.conf(5) man page if it is
available to see what information it has about the authentication
configuration aka SASL. The may be a pwcheck_method or sasl_pwcheck_method
option(s).
No cyrus.conf is strange.
Cyrus 1.5 is a little before my time. I think I've tried to compile it
once a loooong time ago. With "tried" being the key word. I'm more familiar
with the 2.x series. You may need to wait for the CMU guys to come online
since they are much more knowledgable than I.
There may be useful info on the Cyrus home page which is here:
http://asg.web.cmu.edu/cyrus/
This is probably the syslog initialization...
> socket(PF_UNIX, SOCK_DGRAM, 0) = 3
> fcntl64(3, F_SETFD, FD_CLOEXEC) = -1 ENOSYS (Function not
> implemented)
> fcntl(3, F_SETFD, FD_CLOEXEC) = 0
> connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0
If you aren't getting any log information and Cyrus 1.5 is actually logging
stuff as it should, find your syslog.conf (usually /etc/syslog.conf) and
add an entry for local6 as follows:
local6.debug /var/log/imapd.log
Then:
touch /var/log/imapd.log
kill -HUP <syslogd-pid>
At this point, stuff -should- start appearing in the log file.
On Thu, 22 May 2003 13:14:19 +1000, Stewart <stewart at f8.com.au> wrote...
>
> On Thursday, May 22, 2003, at 12:10 PM, Mark Keasling wrote:
>
> > Hi,
> >
> > The Cyrus learning curve is fairly steep. It requires patience.
> > Lots of it. You may have to take out a loan. :) I'm still no expert.
>
> heh. it's not like uw-imap that's always 'just worked' for me, that's
> for sure. unfortunately uw-imap wasn't really 'just working' for a
> number of my users with >100Mb inboxes. hence the change...
>
> > Cyrus 1.5.x is fairly old. Assuming an upgrade is available for your
> > system you might consider a more recent version.
>
> curse of apt-get i think. or my decision to use debian-stable. i'll see
> what's in unstable - i'm not quite so desperate that i'm ready to
> compile from source.... yet. but that may be the only way to get more
> current.
>
> > If you don't mind, could you post your imapd.conf, cyrus.conf and log
> > files so we can see your setup and log output?
>
> OK.. this'll be long but here goes....
>
> imapd.conf is:
> ==========
> # Debian Cyrus imapd.conf
> # See imapd.conf(5) for more information
>
> # Configuration directory
> configdirectory: /var/lib/cyrus
>
> # Which partition to use for default mailboxes
> defaultpartition: default
> partition-default: /var/spool/cyrus/mail
>
> # News setup
> partition-news: /var/spool/cyrus/news
> newsspool: /var/spool/news
>
> # Uncomment the following and add the space-separated users who
> # have admin rights
> admins: stewart #yes i know i ought not use my uname for admin, will
> sort that later..
>
> # No anonymous logins
> allowanonymouslogin: no
>
> # Minimum time between POP mail fetches in minutes
> popminpoll: 1
>
> # umask used by Cyrus programs
> umask: 077
> =========
>
> there is no cyrus.conf. !!?!
>
> fwiw the relevant part of xinetd.conf is:
>
> service imap2
> {
> socket_type = stream
> protocol = tcp
> wait = no
> user = cyrus
> server = /usr/sbin/imapd
> }
>
> =========
> the /etc/init.d/pwcheck script is (in part)
>
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> DAEMON=/usr/sbin/pwcheck
> NAME=pwcheck
> DESC="Cyrus pwcheck daemon"
>
> test -f $DAEMON || exit 0
>
> set -e
>
> # Now we need to check where /usr/sbin/pwcheck points
> PWCHECK_DEST=`ls -lL /usr/sbin/pwcheck`
> PWCHECK_STANDARD=`ls -l /usr/sbin/pwcheck_standard | sed "s/_.*//g"`
> PWCHECK_PAM=`ls -l /usr/sbin/pwcheck_pam | sed "s/_.*//g"`
>
> if [ "$PWCHECK_DEST" = "$PWCHECK_STANDARD" ]; then
> PWCHECK="STANDARD"
> DESC="Cyrus standard pwcheck daemon"
> else
> PWCHECK="PAM"
> DESC="Cyrus PAM pwcheck daemon"
> fi
>
>
> case "$1" in
> start)
> echo -n "Starting $DESC: "
> if [ "$PWCHECK" = "STANDARD" ]; then
> start-stop-daemon --start --quiet --background
> --chuid cyrus --exec $DAEMON
> else
> start-stop-daemon --start --quiet --background
> --exec $DAEMON
> fi
> echo "$NAME."
> ;;
>
> =========
>
> nothing is logged anywhere, that i can find, when i run the script.
> have yet to run syslog in debug mode but we have just done an strace
> and got this (which is getting into deep geekery that i can only just
> follow :)
>
> execve("/usr/sbin/pwcheck", ["/usr/sbin/pwcheck"], [/* 14 vars */]) = 0
> uname({sys="Linux", node="humphrey", ...}) = 0
> brk(0) = 0x10011604
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x30014000
> open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat64(0x3, 0x7ffff0d8) = -1 ENOSYS (Function not
> implemented)
> fstat(3, {st_mode=S_IFREG|0644, st_size=6998, ...}) = 0
> mmap(NULL, 6998, PROT_READ, MAP_PRIVATE, 3, 0) = 0x30015000
> close(3) = 0
> open("/lib/libcrypt.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\0\v"...,
> 1024) = 1024
> fstat(3, {st_mode=S_IFREG|0644, st_size=20864, ...}) = 0
> mmap(0xffb4000, 245384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xffb4000
> mprotect(0xffb8000, 229000, PROT_NONE) = 0
> mmap(0xffc4000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0) = 0xffc4000
> mmap(0xffc9000, 159368, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xffc9000
> close(3) = 0
> open("/lib/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\2]\264"...,
> 1024) = 1024
> fstat(3, {st_mode=S_IFREG|0755, st_size=1270932, ...}) = 0
> mmap(0xfe59000, 1353556, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> 0xfe59000
> mprotect(0xff6f000, 214868, PROT_NONE) = 0
> mmap(0xff79000, 155648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x110000) = 0xff79000
> mmap(0xff9f000, 18260, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xff9f000
> close(3) = 0
> munmap(0x30015000, 6998) = 0
> socket(PF_UNIX, SOCK_DGRAM, 0) = 3
> fcntl64(3, F_SETFD, FD_CLOEXEC) = -1 ENOSYS (Function not
> implemented)
> fcntl(3, F_SETFD, FD_CLOEXEC) = 0
> connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0
> fork() = 844
> exit(0) = ?
>
>
> i'm told the fork() at the end means it's starting process ID 844 but
> that must be dying or something because it doesn't show up in the
> process list at all. up the top it's complaining that it can't find
> /etc/ld.so.preload which strikes me as strange that you'd go looking
> for a library in /etc.., if i'm right in thinking ld.so.preload is in
> fact a linked or static library? but like i say i only just follow what
> that's all about... [while writing this my colleague has researched
> some more and says he thinks the lack of /etc/ld.so.* may not be
> significant..]
>
> ==========
>
> /var/log/mail/mail.log says this when i try to check mail from my
> laptop using test username 'mark' which is a local unix user and worked
> fine last night..
>
> May 22 12:30:37 humphrey imapd[724]: badlogin: [192.168.1.15] plaintext
> mark cannot connect to pwcheck server
>
> ==========
>
> in README.pwcheck it mentions having a /var/pwcheck directory for the
> socket. this doesn't exist but /var/state/pwcheck does. we've tried
> copying (with permissions) /var/state/pwcheck to /var/ but that made no
> difference.
>
> ==========
>
> > Do you remember how pwcheck was started the first time?
>
> i wasn't aware it even existed until it stopped working. :) presume the
> debian installer did it for me. but i've rebooted the machine a number
> of times already since installing cyrus and it kept working, til this
> morning.
>
> > Check the /etc/init.d/pwcheck script and trying running pwcheck via
> > the command line. It may produce informative output.
>
> have looked at the script and run it from command line without any
> useful output beyond the 'starting pwcheck daemon' msg on the console.
>
> > I assume that you know that and are already running it as root.
>
> yup. :)
>
> > That's about it off the top of my head where hair once grew. :)
>
> heh. trying to not lose my own down here after all this.. :)
>
> thanks for your help...
>
> ..S.
>
Regards,
Mark Keasling <mark at air.co.jp>
More information about the Info-cyrus
mailing list