cyradm and salsdb2 ?
Jason Williams
jwilliams at courtesymortgage.com
Thu Feb 5 21:09:24 EST 2004
At 03:05 PM 2/5/2004 +0000, you wrote:
>root at foo:~#sasldblistusers2
>cyrus at bar.com: userPassword
>test at foo.bar.com: userPassword
>
>I do not have two entries for each user, isn't that right? Could it be caused
>by a permission problem with /etc/opiekeys?

With Cyrus-sasl-2.x, you should only see one entry for each user if memory
serves me correctly.

However, it looks like you have two realms you are dealing with (bar.com
and foo.bar.com) unless that is a typo.

You may want to delete the cyrus user from the sasldb2 backend and readd:

>Here is what I mean, I started master... and tried to log in with cyradm...
>Feb 5 09:24:03 foo master[52746]: process started
>Feb 5 09:24:03 foo ctl_cyrusdb[52747]: recovering cyrus databases
>Feb 5 09:24:03 foo ctl_cyrusdb[52747]: done recovering cyrus databases
>Feb 5 09:24:03 foo master[52746]: ready for work
>Feb 5 09:24:03 foo ctl_cyrusdb[52748]: checkpointing cyrus databases
>Feb 5 09:24:03foo ctl_cyrusdb[52748]: done checkpointing cyrus databases
>Feb 5 09:24:36 foo imapd[52782]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>Feb 5 09:24:42 foo imapd[52782]: no user in db
>Feb 5 09:24:42 foo imapd[52782]: no user in db
>Feb 5 09:24:42 foo imapd[52782]: badlogin: bar.com[x.x.x.x] plaintext cyrus SASL(-13): user not found: checkpass failed
>
>I changed the owner of /etc/opiekeys to cyrus, changed the group to
>mail... and added the read/write to group... and even added rw to other to
>be sure (I'm going to set the permissions properly when it works...)
>root at foo:~#ls -al /etc/opiekeys
>-rw-rw-rw- 1 postfix mail 0 Oct 11 14:51 /etc/opiekeys

My experience with OTP and opiekeys is that you need to make cyrus the
owner or part of the group for that file. That will make the OTP
unavailable message go away. The other options are to compile cyrus-sasl2
WITHOUT_OTP support, or you can go to the 'lib' directory
(/usr/local/lib/sasl2) and move all the files that have OTP in them to a
different folder. I've tried both and they work.

>I tried to log in again...
>#cyradm --user cyrus --auth login localhost
>Feb 5 09:48:46 foo imapd[55493]: no user in db
>Feb 5 09:48:46 foo imapd[55493]: no user in db
>Feb 5 09:48:46 foo imapd[55493]: badlogin: neokit.com[216.17.101.180] plaintext cyrus SASL(-13): user not found: checkpass failed

For cyradm, make sure you have a user listed in imapd.conf and make sure it
is not a user who will get mail. Make it like imapadmin or something. Make
sure you add that account to the sasldb2 as well.

Here is what I use:

cyradm --user imapadmin localhost

>(Notice that I didn't get any errors about opiekeys permissions...)
>The user does exist in the sasldb2...
>root at foo:~#sasldblistusers2
>cyrus at bar: userPassword
>test at foo.bar.com: userPassword
>
>And the permissions seem okay...
>-rw-r----- 1 cyrus mail 16384 Feb 5 00:19 /usr/local/etc/sasldb2.db
Yes, make sure Cyrus can read the database.
>What could be the problem?
>I do not run saslauthd... I'm not sure, but I think it's not needed...
saslauthd is not needed if you are using sasldb2 as the backend.
>Btw, I do not have anything in /etc/opieaccess... isn't that correct?
>
>Here is what's running:
>cyrus 55376 0.0 0.1 2700 1480 p4 SJ 9:47AM 0:00.02 /usr/local/cyrus/bin/master
>root 55454 0.0 0.1 3092 1356 ?? SsJ 9:48AM 0:00.01 /usr/local/libexec/postfix/master
>postfix 55455 0.0 0.1 3100 1376 ?? SJ 9:48AM 0:00.01 pickup -l -t fifo -u
>postfix 55456 0.0 0.1 3124 1408 ?? SJ 9:48AM 0:00.01 qmgr -l -t fifo -u
>
>And output from netstat about mail, imapd, etc...
>tcp4 0 0 216.17.101.180.25 *.* LISTEN
>tcp4 0 0 216.17.101.180.995 *.* LISTEN
>tcp4 0 0 216.17.101.180.110 *.* LISTEN
>tcp4 0 0 216.17.101.180.993 *.* LISTEN
>tcp4 0 0 216.17.101.180.143 *.* LISTEN
>
>I do start everything with:
>postfix start
>followed by
>/usr/local/cyrus/bin/cyrus &
>
>Thanks for help...
Hope that helps.
Jason
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
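
Added example, not part of the original message or of the Cyrus project: a small shell diagnostic for the two failure modes discussed in this thread, a sasldb2 entry stored under a different realm than the one looked up ("no user in db") and a credentials file left open to "other". The function names and sample listing are constructed, and the script assumes that a login without `@realm` is looked up under the server's hostname as realm.

```shell
#!/bin/sh
# Added diagnostic example; sample data is constructed, not taken from a real host.

# sasldb_lookup LOGIN SERVER_FQDN
# Reads `sasldblistusers2` output on stdin and prints one verdict line:
#   MATCH <key>             the key that will be looked up exists
#   REALM_MISMATCH <keys>   the user exists, but only under other realms
#   MISSING <key>           no entry for this user in any realm
sasldb_lookup() {
    login=$1
    fqdn=$2
    case $login in
        *@*) key=$login ;;          # client supplied the realm explicitly
        *)   key=$login@$fqdn ;;    # assumption: default realm is the server hostname
    esac
    awk -v key="$key" -v user="${key%%@*}" '
        { sub(/:.*/, "", $1) }      # "user@realm:" -> "user@realm"
        $1 == key { found = 1 }
        index($1, user "@") == 1 && $1 != key { others = others " " $1 }
        END {
            if (found)       print "MATCH " key
            else if (others) print "REALM_MISMATCH" others
            else             print "MISSING " key
        }'
}

# too_open FILE
# Succeeds if FILE is readable or writable by "other", which a secrets file
# such as sasldb2 or opiekeys should never be.
too_open() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]
}

# Constructed listing in the "user@realm: userPassword" format.
sasldb_lookup cyrus foo.bar.com <<'EOF'
cyrus@bar.com: userPassword
test@foo.bar.com: userPassword
EOF
```

On a REALM_MISMATCH verdict, `saslpasswd2 -c -u <realm> <user>` creates the entry under the realm that is actually looked up.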