Cannot log into cyrus using IMAP

Andreas Winkelmann ml at awinkelmann.de
Mon May 10 12:26:39 EDT 2004


On Monday, 10 May 2004 17:33, Eric B. wrote:

> > > I am following the Postfix-Cyrus-Web-cyradm-HOWTO.  My command line is the
> > > following:
> > > > saslpasswd2 -c cyrus
> > > > Password: secret
> > > > Again (for verification): secret
> >
> > Here you create a user in /etc/sasldb2...
> >
> > > When I try to connect with cyradm:
> > > > cyradm --user cyrus --server localhost --auth plain
> > > > Password: secret
> > > > IMAP Password: secret
> > >
> > > I get the following errors in my /var/log/auth.log:
> > >
> > > May 10 00:47:21 linuxmail perl: No worthy mechs found
> > > May 10 00:52:01 linuxmail imap(pam_unix)[31961]: authentication
> > > failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=cyrus
> > > May 10 00:52:01 linuxmail saslauthd[31961]: pam_sm_authenticate called.
> >
> > ... but you are using saslauthd. These are two different storages.
>
> Ahhh - I thought they were using the same storage db, but were two
> different ways of accessing it.  What authentication process uses the
> /etc/sasldb2?

The Cyrus-SASL-Library uses the auxprop-plugin sasldb and this one does the 
handling of /etc/sasldb2.

> > If your passwords are unencrypted in a mysql-db, you should use the
> > sql-auxprop-plugin. In your plugin-dir should be a libsql.so*-Plugin. The
> > available options are described in ./doc/options.html
>
> Indeed I have a libsql.so* in my /usr/lib/sasl2 directory.  (defined as my
> plugin directory).  I've read through the options.html document, but am not
> sure where i need to specify the sql-auxprop-plugin.  Does that go in the
> /usr/lib/sasl2/smptd.conf file?  in a /usr/lib/sasl2/imapd.conf file?  How
> exactly should it go in?  is my conf file just the following:

Depends on the Application which you want to configure. Cyrus Imap uses
/etc/imapd.conf, Postfix $plugindir/smtpd.conf. Cyrus-Imapd uses "sasl_" as Prefix
for all sasl-options. So this one must be:

> pwcheck_method: auxprop
> auxprop_plugin: sql

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_mech_list: plain login cram-md5 digest-md5
sasl_sql_engine: mysql
sasl_sql_hostnames: localhost
sasl_sql_user: mail
sasl_sql_passwd: secret
sasl_sql_database: mail
sasl_sql_select: select password from accountuser where username = '%u'

> My /etc/pam.d/imapd:
> auth       required     /lib/security/pam_stack.so service=system-auth
> account    required     /lib/security/pam_stack.so service=system-auth
>
> auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail
> table=accountuser usercolumn=username passwdcolumn=password crypt=0
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time
>
> account required pam_mysql.so user=mail passwd=secret host=localhost
> db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
> logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
> logpidcolumn=pid logtimecolumn=time

> If I change the pwcheck_method to auxprop, does that mean it no longer uses
> saslauthd?  Is there any way to use saslauthd with non-encrypted p/ws?
> Where does saslauthd retrieve its username/passwd information from?

a.) Yes. Or you set:
pwcheck_method: auxprop saslauthd
Then both will be used.

b.) Yes. In case of pam_mysql there is an option "crypt=0". It is set in your 
example above!?

c.) The Application receives the Credentials from the Client over the Line.
These will be passed to the Cyrus-SASL-Library. It will be decoded and then
sent to saslauthd which asks its backend (pam_mysql for example) if the
user/password is correct. And this answer is sent back to the Application.

-- 
	Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
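
The store mismatch discussed in this thread, as an added example that is not part of the original message or of Cyrus itself: a small Python checker that reads imapd.conf-style text, lists which credential stores imapd will consult, and warns about SASL options missing the `sasl_` prefix. The sample configurations, the store labels such as `auxprop:sasldb`, and all function names are assumptions made for illustration.

```python
# Added example: which credential store will Cyrus imapd consult?
# All sample configurations below are constructed for illustration.
THREAD_SYMPTOM = "sasl_pwcheck_method: saslauthd\n"  # while the user was added with saslpasswd2
UNPREFIXED = "pwcheck_method: auxprop\nauxprop_plugin: sql\n"  # smtpd.conf style in imapd.conf
CORRECTED = "sasl_pwcheck_method: auxprop\nsasl_auxprop_plugin: sql\nsasl_sql_engine: mysql\n"
SASL_OPTION_NAMES = ("pwcheck_method", "auxprop_plugin", "mech_list")


def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def audit_imapd_conf(text):
    """Return (stores, warnings) for an imapd.conf-style text."""
    opts = parse_conf(text)
    warnings = [
        f"'{k}' lacks the sasl_ prefix that Cyrus imapd expects"
        for k in opts
        if k in SASL_OPTION_NAMES or k.startswith("sql_")
    ]
    stores = []
    for method in opts.get("sasl_pwcheck_method", "").split():
        if method == "auxprop":
            # One entry per named plugin; "(unset)" means no plugin was named.
            plugins = opts.get("sasl_auxprop_plugin", "(unset)").split()
            stores += [f"auxprop:{p}" for p in plugins]
        else:
            stores.append(method)  # e.g. saslauthd, which asks its own backend (PAM)
    return stores, warnings


def credential_reachable(text, provisioned_in):
    """True if the store where the account was created is one imapd will query."""
    stores, _ = audit_imapd_conf(text)
    return provisioned_in in stores


if __name__ == "__main__":
    for conf in (THREAD_SYMPTOM, UNPREFIXED, CORRECTED):
        print(audit_imapd_conf(conf), credential_reachable(conf, "auxprop:sasldb"))
```

An account created with saslpasswd2 corresponds to the label `auxprop:sasldb` here, so the first sample reports it as unreachable, which matches the authentication failure in the quoted log.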



