Authenticate via saslauthd: "generic failure: checkpass failed"
Jacob Friis Larsen
jfl at list.idg.dk
Thu Aug 12 06:36:04 EDT 2004
I am trying to make cyrus authenticate via saslauthd.
The problem is that when using "sasl_pwcheck_method: saslauthd" I get
"generic failure: checkpass failed".
If I use "sasl_pwcheck_method: auxprop" it's working.
Since I only see SQL queries in /var/log/mysql/mysql.log when using
auxprop I guess that the problem is between cyrus, saslauthd and or pam.
The system is running Debian stable/testing. Cyrus is cyrus21-imapd
(2.1.16-6)
I have read all guides and searched Goggle.
Below are info you might need. Please help.
Aug 12 11:53:37 debpro cyrus/imapd[32568]: badlogin: debpro[127.0.0.1]
plaintext cyrus SASL(-1): generic failure: checkpass failed
# imtest -a cyrus -m login -p imap localhost
S: * OK debpro Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {5}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthd[31589] :main
: num_procs : 0
saslauthd[31589] :main : mech_option: NULL
saslauthd[31589] :main : run_path : /var/run/saslauthd
saslauthd[31589] :main : auth_mech : pam
saslauthd[31589] :cache_alloc_mm : mmaped shared memory segment on
file: /var/run/saslauthd/cache.mmap
saslauthd[31589] :cache_init : bucket size: 92 bytes
saslauthd[31589] :cache_init : stats size : 36 bytes
saslauthd[31589] :cache_init : timeout : 28800 seconds
saslauthd[31589] :cache_init : cache table: 944764 total bytes
saslauthd[31589] :cache_init : cache table: 1711 slots
saslauthd[31589] :cache_init : cache table: 10266 buckets
saslauthd[31589] :cache_init_lock : flock file opened at
/var/run/saslauthd/cache.flock
saslauthd[31589] :detach_tty : master pid is: 0
saslauthd[31589] :ipc_init : listening on socket:
/var/run/saslauthd/mux
# dpkg-statoverride --list /etc/sasldb2
cyrus sasl 660 /etc/sasldb2
# dpkg-statoverride --list /var/run/saslauthd
cyrus sasl 710 /var/run/saslauthd
# less /etc/group | grep cyrus
sasl:*:45:cyrus
# sasltestsuite
NOTE:
-For KERBEROS_V4 must be able to read srvtab file (usually /etc/srvtab)
-For GSSAPI must be able to read srvtab (/etc/krb5.keytab)
-For both KERBEROS_V4 and GSSAPI you must have non-expired tickets
-For OTP (w/OPIE) must be able to read/write opiekeys (/etc/opiekeys)
-For OTP you must have a non-expired secret
-Must be able to read sasldb, which needs to be setup with a.
username and a password (see top of testsuite.c)
Checking plaintext passwords... Failed with: sasl_checkpass() failed on
simple case
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list