Cyrus sasl authentication problem
Ken Murchison
ken at oceana.com
Thu Dec 16 14:36:58 EST 2004
Wilson, Dave wrote:
> saslauthd is running as root.
> However, I have passwords in /etc/shadow.
> Will it not work this way?
It will, but you need to use '-a shadow' rather than '-a getpwent'.
>
>>-----Original Message-----
>>From: Ken Murchison [mailto:ken at oceana.com]
>>Sent: Thursday, December 16, 2004 11:06 AM
>>To: Wilson, Dave
>>Cc: info-cyrus at lists.andrew.cmu.edu
>>Subject: Re: Cyrus sasl authentication problem
>>
>>
>>Wilson, Dave wrote:
>>
>>
>>>./saslauthd -a getpwent -d
>>>saslauthd[6583] :main : num_procs : 5
>>>saslauthd[6583] :main : mech_option: NULL
>>>saslauthd[6583] :main : run_path : /var/state/saslauthd
>>>saslauthd[6583] :main : auth_mech : getpwent
>>>saslauthd[6583] :ipc_init : using accept lock file: /var/state/saslauthd/mux.accept
>>>saslauthd[6583] :detach_tty : master pid is: 0
>>>saslauthd[6583] :ipc_init : listening on socket: /var/state/saslauthd/mux
>>>saslauthd[6583] :main : using process model
>>>saslauthd[6583] :have_baby : forked child: 6584
>>>saslauthd[6583] :have_baby : forked child: 6585
>>>saslauthd[6583] :have_baby : forked child: 6586
>>>saslauthd[6583] :have_baby : forked child: 6587
>>>saslauthd[6583] :get_accept_lock : acquired accept lock
>>>saslauthd[6583] :rel_accept_lock : released accept lock
>>>saslauthd[6584] :get_accept_lock : acquired accept lock
>>>saslauthd[6583] :do_auth : auth failure: [user=pcs] [service=imap] [realm=] [mech=getpwent] [reason=Unknown]
>>>saslauthd[6583] :do_request : response: NO
>>
>>I assume that you are running saslauthd as root, that /etc/passwd is
>>readable by root and that you actually have passwords in /etc/passwd
>>(as opposed to /etc/shadow)?
>>
>>
>>
>>>
>>>>-----Original Message-----
>>>>From: Ken Murchison [mailto:ken at oceana.com]
>>>>Sent: Thursday, December 16, 2004 10:45 AM
>>>>To: Wilson, Dave
>>>>Cc: info-cyrus at lists.andrew.cmu.edu
>>>>Subject: Re: Cyrus sasl authentication problem
>>>>
>>>>
>>>>Wilson, Dave wrote:
>>>>
>>>>
>>>>
>>>>>This didn't work either:
>>>>
>>>>What does the SASL debug log look like?
>>>>
>>>>
>>>>
>>>>
>>>>>./imtest -m login -a pcs localhost
>>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
>>>>>C: C01 CAPABILITY
>>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
>>>>>S: C01 OK Completed
>>>>>Please enter your password:
>>>>>C: L01 LOGIN pcs {3}
>>>>>S: + go ahead
>>>>>C: <omitted>
>>>>>S: L01 NO Login failed: no mechanism available
>>>>>Authentication failed. generic failure
>>>>>Security strength factor: 0
>>>>>
>>>>>This is my imapd.conf:
>>>>>
>>>>>configdirectory: /u01/imap
>>>>>partition-default: /u01/spool/imap
>>>>>admins: pcs root
>>>>>sasl_pwcheck_method: saslauthd
>>>>>sasl_mech_list: PLAIN
>>>>>allowplaintext: 1
>>>>>defaultdomain: pactolus
>>>>>imapidlepoll: 15
>>>>>
>>>>>I have saslauthd running: ./saslauthd -a getpwent
>>>>>
>>>>>Any other ideas?
>>>>>
>>>>>Dave
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Ken Murchison [mailto:ken at oceana.com]
>>>>>>Sent: Thursday, December 16, 2004 9:53 AM
>>>>>>To: Wilson, Dave
>>>>>>Cc: 'info-cyrus at lists.andrew.cmu.edu'
>>>>>>Subject: Re: Cyrus sasl authentication problem
>>>>>>
>>>>>>
>>>>>>Wilson, Dave wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>I'm using Cyrus with sasl, using auth method getpwent:
>>>>>>>
>>>>>>>./saslauthd -d -a getpwent
>>>>>>>
>>>>>>>I then use imtest:
>>>>>>>
>>>>>>>./imtest -m login -u pcs localhost
>>>>>>
>>>>>>This should be:
>>>>>>
>>>>>>./imtest -m login -a pcs localhost
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
>>>>>>>C: C01 CAPABILITY
>>>>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
>>>>>>>S: C01 OK Completed
>>>>>>>Please enter your password:
>>>>>>>C: L01 LOGIN root {3}
>>>>>>>S: + go ahead
>>>>>>>C: <omitted>
>>>>>>>S: L01 NO Login failed: authentication failure
>>>>>>>Authentication failed. generic failure
>>>>>>>Security strength factor: 0
>>>>>>>
>>>>>>>The debug log from sasl is:
>>>>>>>
>>>>>>>saslauthd[5293] :main : num_procs : 5
>>>>>>>saslauthd[5293] :main : mech_option: NULL
>>>>>>>saslauthd[5293] :main : run_path : /var/state/saslauthd
>>>>>>>saslauthd[5293] :main : auth_mech : getpwent
>>>>>>>saslauthd[5293] :ipc_init : using accept lock file: /var/state/saslauthd/mux.accept
>>>>>>>saslauthd[5293] :detach_tty : master pid is: 0
>>>>>>>saslauthd[5293] :ipc_init : listening on socket: /var/state/saslauthd/mux
>>>>>>>saslauthd[5293] :main : using process model
>>>>>>>saslauthd[5293] :have_baby : forked child: 5294
>>>>>>>saslauthd[5293] :have_baby : forked child: 5295
>>>>>>>saslauthd[5293] :have_baby : forked child: 5296
>>>>>>>saslauthd[5293] :have_baby : forked child: 5297
>>>>>>>saslauthd[5293] :get_accept_lock : acquired accept lock
>>>>>>>saslauthd[5293] :rel_accept_lock : released accept lock
>>>>>>>saslauthd[5294] :get_accept_lock : acquired accept lock
>>>>>>>saslauthd[5293] :do_auth : auth failure: [user=root] [service=imap] [realm=] [mech=getpwent] [reason=Unknown]
>>>>>>>saslauthd[5293] :do_request : response: NO
>>>>>>>saslauthd[5294] :rel_accept_lock : released accept lock
>>>>>>>saslauthd[5295] :get_accept_lock : acquired accept lock
>>>>>>>saslauthd[5294] :do_auth : auth failure: [user=root] [service=imap] [realm=] [mech=getpwent] [reason=Unknown]
>>>>>>>saslauthd[5294] :do_request : response: NO
>>>>>>>
>>>>>>>Why does this have user=root? More generally, why is the
>>>>>>>authentication failing?
>>>>>>>
>>>>>>>Thanks
>>>>>>>Dave
>>>>>>>
>>>>>>>---
>>>>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>>>>>
>>>>>>--
>>>>>>Kenneth Murchison Oceana Matrix Ltd.
>>>>>>Software Engineer 21 Princeton Place
>>>>>>716-662-8973 x26 Orchard Park, NY 14127
>>>>>>--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
>>>>>>
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
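
The mismatch this reply resolves (saslauthd started with '-a getpwent' while the password hashes live in /etc/shadow) can be checked from a `do_auth` failure line and the passwd file. This is an added example, not part of the original thread or of Cyrus SASL; the function names, the sample passwd content and the reliance on the conventional `x` placeholder are assumptions, and the log line is the one quoted above rejoined onto one line.

```python
import re

# Constructed sample: the do_auth failure from the thread, on a single line.
SAMPLE_LOG = ("saslauthd[6583] :do_auth : auth failure: [user=pcs] "
              "[service=imap] [realm=] [mech=getpwent] [reason=Unknown]")

# Constructed passwd(5) content; the hash for 'legacy' is a dummy value.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
pcs:x:500:500:PCS admin:/home/pcs:/bin/sh
legacy:ab01FAX.bQRSU:501:501::/home/legacy:/bin/sh
"""

FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_auth_failure(line):
    """Return the [key=value] fields of an 'auth failure' line, else None."""
    if "auth failure:" not in line:
        return None
    return dict(FIELD.findall(line))


def password_location(passwd_text, user):
    """Say where the user's hash is kept: 'shadow', 'passwd', 'unusable', 'missing'."""
    for entry in passwd_text.splitlines():
        parts = entry.split(":")
        if len(parts) >= 7 and parts[0] == user:
            pw = parts[1]
            if pw == "x":                     # assumed convention: hash is in the shadow file
                return "shadow"
            if pw == "" or pw[0] in "*!":     # empty or locked entry, nothing to compare
                return "unusable"
            return "passwd"
    return "missing"


def diagnose(log_line, passwd_text):
    """Suggest the saslauthd -a value for a failed getpwent lookup, else None."""
    fields = parse_auth_failure(log_line)
    if fields is None or fields.get("mech") != "getpwent":
        return None
    where = password_location(passwd_text, fields.get("user", ""))
    if where == "shadow":
        return "-a shadow"      # getpwent never sees the hash; switch mechanism
    if where == "passwd":
        return "-a getpwent"    # mechanism is right; the failure has another cause
    return None                 # user absent or entry unusable


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_PASSWD))
```
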