cyrus virtdomains + saslauthd trouble

Casper casper at snigelpost.org
Mon Aug 8 11:56:25 EDT 2005


Looks like your SQL SELECT is wrong.

***

SELECT password FROM accountuser WHERE username='egorkin.i'

***

Do a

SELECT password FROM accountuser WHERE username = '%u' and domain = '%r'

Alter the table and add a domain row. %u = the user part before the @, and %r = the realm, after the @.

OK?


or

SELECT password FROM accountuser WHERE username='%u%r'

-- 
/Casper

On Mon, 08 Aug 2005 11:03:39 +0200, Igor <dimedrol8 at sviblovo.ru> wrote:

> Hello!
>
> saslauthd + pam_mysql work ok:
>
> #testsaslauthd -u egorkin.i -p 123 -r v-art.ru
> 0: OK "Success."
> #testsaslauthd -u egorkin.i@v-art.ru -p 123
> 0: OK "Success."
>
> But I can't login to imapd (MUA evolution). Error messages:
>
> /var/log/maillog:
> imap[25019]: badlogin: igor.3b.ru [127.0.0.1] plaintext egorkin.i
> SASL(-13): authentication failure: checkpass failed
>
> /var/log/messages:
> saslauthd[19921]: pam_sm_authenticate called.
> saslauthd[19921]: dbuser changed.
> saslauthd[19921]: dbpasswd changed.
> saslauthd[19921]: host changed.
> saslauthd[19921]: database changed.
> saslauthd[19921]: table changed.
> saslauthd[19921]: usercolumn changed.
> saslauthd[19921]: passwdcolumn changed.
> saslauthd[19921]: crypt changed.
> saslauthd[19921]: logtable changed.
> saslauthd[19921]: logmsgcolumn changed.
> saslauthd[19921]: logusercolumn changed.
> saslauthd[19921]: loghostcolumn changed.
> saslauthd[19921]: logpidcolumn changed.
> saslauthd[19921]: logtimecolumn changed.
> saslauthd[19921]: db_connect  called.
> saslauthd[19921]: returning 0 .
> saslauthd[19921]: db_checkpasswd called.
> saslauthd[19921]: pam_mysql: where clause =
> saslauthd[19921]: SELECT password FROM accountuser WHERE
> username='egorkin.i'
> saslauthd[19921]: pam_mysql: select returned more than one result
> saslauthd[19921]: returning 7 after db_checkpasswd.
> imap(pam_unix)[19921]: check pass; user unknown
> imap(pam_unix)[19921]: authentication failure; logname= uid=0 euid=0
> tty= ruser= rhost=
> saslauthd[19921]: do_auth: auth failure: [user=egorkin.i] [service=imap]
> [realm=] [mech=pam] [reason=PAM auth error]
>
> It seems imapd does not pass realm to saslauthd: [realm=]
> What is wrong?
>
> Configuration:
>
> # cat /etc/fedora-release
> Fedora Core release 2 (Tettnang)
>
> Cyrus and Sasl compiled from Fedora4 rpm sources
>
> # rpm -qa|grep cyrus
> cyrus-imapd-2.2.12-6.fc4
> cyrus-imapd-utils-2.2.12-6.fc4
> cyrus-imapd-devel-2.2.12-6.fc4
> cyrus-sasl-2.1.20-5
> cyrus-sasl-plain-2.1.20-5
> cyrus-sasl-devel-2.1.20-5
> cyrus-sasl-md5-2.1.20-5
> perl-Cyrus-2.2.12-6.fc4
>
>
> # cat imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> postmaster: postmaster
> unixhierarchysep: yes
> virtdomains: userid
> defaultdomain: 3b.ru
>
> # cat /usr/lib/sasl/smtpd.conf
> pwcheck_method: saslauthd
> saslauthd_version: 2
>
> # cat /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
>
> # cat /etc/pam.d/imap
> #%PAM-1.0
> auth sufficient pam_mysql.so user=mail passwd=secret host=localhost
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time
> auth sufficient pam_unix_auth.so
> account required pam_mysql.so user=mail passwd=secret host=localhost
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time
> account sufficient pam_unix_acct.so
>
> mysql> SELECT * FROM accountuser where username='egorkin.i@v-art.ru';
> +--------------------+---------------+----------+-------------+
> | username           | password      | prefix   | domain_name |
> +--------------------+---------------+----------+-------------+
> | egorkin.i@v-art.ru | 13YPY/c.qiCtw | v-art.ru | v-art.ru    |
> +--------------------+---------------+----------+-------------+
> 1 row in set (0.00 sec)
>
>
> saslauthd running: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
>
> mailbox exists for egorkin.i@v-art.ru
> # ls -l /var/spool/imap/domain/v/v-art.ru/e/user/egorkin^i/
> total 4
> -rw-------  1 cyrus mail 537 Aug  7 02:55 1.
> -rw-------  1 cyrus mail 592 Aug  7 02:55 cyrus.cache
> -rw-------  1 cyrus mail 203 Aug  6 21:10 cyrus.header
> -rw-------  1 cyrus mail 136 Aug  7 02:55 cyrus.index
>
>
> --
> Thank you,
> Igor
>
>
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>



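The lookup problem discussed in this thread, as an added example that is not part of the original posts: a query keyed on the local part alone matches one row per domain (the "select returned more than one result" failure in the log), while a lookup keyed on user and realm resolves to exactly one account. Assumptions: sqlite3 stands in for MySQL, the `domain` column is the one the reply proposes adding, the function names are hypothetical, and the rows and hash placeholders are constructed.

```python
import sqlite3

DEFAULT_DOMAIN = "3b.ru"  # defaultdomain from the imapd.conf quoted in the thread


def split_login(login, default_domain=DEFAULT_DOMAIN):
    """Split 'user@realm' into (user, realm); unqualified logins get the default domain."""
    user, sep, realm = login.rpartition("@")
    if not sep:
        return login, default_domain
    if not user or not realm:
        raise ValueError("malformed login: %r" % login)
    return user, realm.lower()


def make_db():
    """Constructed sample data: the same local part exists in two domains."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accountuser (username TEXT NOT NULL, domain TEXT NOT NULL,"
        " password TEXT NOT NULL, UNIQUE (username, domain))"
    )
    db.executemany(
        "INSERT INTO accountuser VALUES (?, ?, ?)",
        [("egorkin.i", "v-art.ru", "hash-A"),  # placeholder values, not real hashes
         ("egorkin.i", "3b.ru", "hash-B")],
    )
    return db


def lookup_by_user_only(db, login):
    """Query shape from the log: the realm is dropped, so rows from every domain match."""
    user, _realm = split_login(login)
    return db.execute(
        "SELECT password FROM accountuser WHERE username = ?", (user,)
    ).fetchall()


def lookup_hash(db, login):
    """Realm-qualified lookup; anything other than exactly one row is a failed lookup."""
    user, realm = split_login(login)
    rows = db.execute(
        "SELECT password FROM accountuser WHERE username = ? AND domain = ?",
        (user, realm),
    ).fetchall()
    return rows[0][0] if len(rows) == 1 else None
```

The `UNIQUE (username, domain)` constraint is what guarantees the qualified lookup can never be ambiguous, so one domain's password can never be checked against another domain's account.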