Cyrus sasl authentication problem

Wilson, Dave dwilson at pactolus.com
Thu Dec 16 11:08:43 EST 2004 

saslauthd is running as root.
However, I have passwords in /etc/shadow.
Will it not work this way?

> -----Original Message-----
> From: Ken Murchison [mailto:ken at oceana.com]
> Sent: Thursday, December 16, 2004 11:06 AM
> To: Wilson, Dave
> Cc: info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Cyrus sasl authentication problem
> 
> 
> Wilson, Dave wrote:
> 
> > ./saslauthd -a getpwent -d
> > saslauthd[6583] :main            : num_procs  : 5
> > saslauthd[6583] :main            : mech_option: NULL
> > saslauthd[6583] :main            : run_path   : /var/state/saslauthd
> > saslauthd[6583] :main            : auth_mech  : getpwent
> > saslauthd[6583] :ipc_init        : using accept lock file: 
> /var/state/saslauthd/mux.accept
> > saslauthd[6583] :detach_tty      : master pid is: 0
> > saslauthd[6583] :ipc_init        : listening on socket: 
> /var/state/saslauthd/mux
> > saslauthd[6583] :main            : using process model
> > saslauthd[6583] :have_baby       : forked child: 6584
> > saslauthd[6583] :have_baby       : forked child: 6585
> > saslauthd[6583] :have_baby       : forked child: 6586
> > saslauthd[6583] :have_baby       : forked child: 6587
> > saslauthd[6583] :get_accept_lock : acquired accept lock
> > saslauthd[6583] :rel_accept_lock : released accept lock
> > saslauthd[6584] :get_accept_lock : acquired accept lock
> > saslauthd[6583] :do_auth         : auth failure: [user=pcs] 
> [service=imap] [realm=] [mech=getpwent]
> > [reason=Unknown]
> > saslauthd[6583] :do_request      : response: NO
> 
> I assume that you are running saslauthd as root, that /etc/passwd is 
> readable by root and that you actually have passwords in 
> /etc/passwd (as 
> opposed to /etc/shadow)?
> 
> 
> > 
> > 
> >>-----Original Message-----
> >>From: Ken Murchison [mailto:ken at oceana.com]
> >>Sent: Thursday, December 16, 2004 10:45 AM
> >>To: Wilson, Dave
> >>Cc: info-cyrus at lists.andrew.cmu.edu
> >>Subject: Re: Cyrus sasl authentication problem
> >>
> >>
> >>Wilson, Dave wrote:
> >>
> >>
> >>>This didn't work either:
> >>
> >>What does the SASL debug log look like?
> >>
> >>
> >>
> >>>./imtest -m login -a pcs localhost
> >>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
> >>>C: C01 CAPABILITY
> >>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
> >>
> >>MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_
> >>
> >>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
> >>
> >>THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMOR
> >>
> >>>E IDLE
> >>>S: C01 OK Completed
> >>>Please enter your password:
> >>>C: L01 LOGIN pcs {3}
> >>>S: + go ahead
> >>>C: <omitted>
> >>>S: L01 NO Login failed: no mechanism available
> >>>Authentication failed. generic failure
> >>>Security strength factor: 0
> >>>
> >>>This is my imapd.conf:
> >>>
> >>>configdirectory: /u01/imap
> >>>partition-default: /u01/spool/imap
> >>>admins: pcs root
> >>>sasl_pwcheck_method: saslauthd
> >>>sasl_mech_list: PLAIN
> >>>allowplaintext: 1
> >>>defaultdomain: pactolus
> >>>imapidlepoll: 15
> >>>
> >>>I have saslauthd running: ./saslauthd -a getpwent
> >>>
> >>>Any other ideas?
> >>>
> >>>Dave
> >>>
> >>>
> >>>
> >>>>-----Original Message-----
> >>>>From: Ken Murchison [mailto:ken at oceana.com]
> >>>>Sent: Thursday, December 16, 2004 9:53 AM
> >>>>To: Wilson, Dave
> >>>>Cc: 'info-cyrus at lists.andrew.cmu.edu'
> >>>>Subject: Re: Cyrus sasl authentication problem
> >>>>
> >>>>
> >>>>Wilson, Dave wrote:
> >>>>
> >>>>
> >>>>
> >>>>>I'm using Cyrus with sasl, using auth method getpwent:
> >>>>>
> >>>>>./saslauthd -d -a getpwent
> >>>>>
> >>>>>I then use imtest:
> >>>>>
> >>>>>./imtest -m login -u pcs localhost
> >>>>
> >>>>This should be:
> >>>>
> >>>>./imtest -m login -a pcs localhost
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
> >>>>>C: C01 CAPABILITY
> >>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
> >>
> >>MAILBOX-REFERRALS
> >>
> >>>>>NAMESPACE UIDPLUS ID NO_ATOMIC_
> >>>>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
> >>>>
> >>>>THREAD=ORDEREDSUBJECT
> >>>>
> >>>>
> >>>>>THREAD=REFERENCES ANNOTATEMOR
> >>>>>E IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
> >>>>>S: C01 OK Completed
> >>>>>Please enter your password:
> >>>>>C: L01 LOGIN root {3}
> >>>>>S: + go ahead
> >>>>>C: <omitted>
> >>>>>S: L01 NO Login failed: authentication failure
> >>>>>Authentication failed. generic failure
> >>>>>Security strength factor: 0
> >>>>>
> >>>>>The debug log from sasl is:
> >>>>>
> >>>>>saslauthd[5293] :main            : num_procs  : 5
> >>>>>saslauthd[5293] :main            : mech_option: NULL
> >>>>>saslauthd[5293] :main            : run_path   : 
> >>
> >>/var/state/saslauthd
> >>
> >>>>>saslauthd[5293] :main            : auth_mech  : getpwent
> >>>>>saslauthd[5293] :ipc_init        : using accept lock file:
> >>>>>/var/state/saslauthd/mux.accept
> >>>>>saslauthd[5293] :detach_tty      : master pid is: 0
> >>>>>saslauthd[5293] :ipc_init        : listening on socket:
> >>>>>/var/state/saslauthd/mux
> >>>>>saslauthd[5293] :main            : using process model
> >>>>>saslauthd[5293] :have_baby       : forked child: 5294
> >>>>>saslauthd[5293] :have_baby       : forked child: 5295
> >>>>>saslauthd[5293] :have_baby       : forked child: 5296
> >>>>>saslauthd[5293] :have_baby       : forked child: 5297
> >>>>>saslauthd[5293] :get_accept_lock : acquired accept lock
> >>>>>saslauthd[5293] :rel_accept_lock : released accept lock
> >>>>>saslauthd[5294] :get_accept_lock : acquired accept lock
> >>>>>saslauthd[5293] :do_auth         : auth failure: 
> >>>>
> >>>>[user=root] [service=imap]
> >>>>
> >>>>
> >>>>>[realm=] [mech=getpwent]
> >>>>>[reason=Unknown]
> >>>>>saslauthd[5293] :do_request      : response: NO
> >>>>>saslauthd[5294] :rel_accept_lock : released accept lock
> >>>>>saslauthd[5295] :get_accept_lock : acquired accept lock
> >>>>>saslauthd[5294] :do_auth         : auth failure: 
> >>>>
> >>>>[user=root] [service=imap]
> >>>>
> >>>>
> >>>>>[realm=] [mech=getpwent]
> >>>>>[reason=Unknown]
> >>>>>saslauthd[5294] :do_request      : response: NO
> >>>>>
> >>>>>Why does this have user=root?  More generally, why is the 
> >>>>
> >>>>authentication
> >>>>
> >>>>
> >>>>>failing?
> >>>>>
> >>>>>Thanks
> >>>>>Dave
> >>>>>
> >>>>>---
> >>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> >>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >>>>>List Archives/Info: 
> http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>>>>
> >>>>
> >>>>
> >>>>-- 
> >>>>Kenneth Murchison     Oceana Matrix Ltd.
> >>>>Software Engineer     21 Princeton Place
> >>>>716-662-8973 x26      Orchard Park, NY 14127
> >>>>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
> >>>>
> >>>
> >>>
> >>>---
> >>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> >>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>>
> >>
> >>
> >>-- 
> >>Kenneth Murchison     Oceana Matrix Ltd.
> >>Software Engineer     21 Princeton Place
> >>716-662-8973 x26      Orchard Park, NY 14127
> >>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
> >>
> > 
> > 
> > ---
> > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> > 
> 
> 
> -- 
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
> 

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list