Cyrus+SASL+PAM+pam_mysql Migration problem
Alexandru E. Ungur
alexandru at globalterrasoft.ro
Tue Jun 27 12:25:55 EDT 2006
Hi all,
I'm having a bit of a hard time doing a migration of cyrus from this:
localhost> ver
name : Cyrus IMAPD
version : v2.1.5 2002/06/24 19:13:27
vendor : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os : Linux
os-version : 2.4.18-19.7.x
environment: Cyrus SASL 2.1.5
Sleepycat Software: Berkeley DB 3.2.9: (January 24, 2001)
OpenSSL 0.9.6l 04 Nov 2003
CMU Sieve 2.2
DRAC
TCP Wrappers
lock = flock
auth = unix
idle = poll
mboxlist.db = db3
subs.db = flat
seen.db = flat
duplicate.db = db3-nosync
tls.db = db3-nosync
to this:
localhost> ver
name : Cyrus IMAPD
version : v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 2005/02/14 16:43:51
vendor : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os : Linux
os-version : 2.6.9-34.0.1.ELsmp
environment: Built w/Cyrus SASL 2.1.19
Running w/Cyrus SASL 2.1.19
Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 11, 2004)
Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 11, 2004)
Built w/OpenSSL 0.9.7a Feb 19 2003
Running w/OpenSSL 0.9.7a Feb 19 2003
CMU Sieve 2.2
TCP Wrappers
mmap = shared
lock = fcntl
nonblock = fcntl
auth = unix
idle = poll
Anyway, on the old server it is a cyrus+saslauthd+pam+pam_mysql+mysql setup.
On the new server I got saslauthd working pretty much ok (I think).
1. it is run like this:
# ps ax|grep sasl
32293 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 0
so it uses pam,
2. pam looks like this:
[root@mailtx1 lib]# cat /etc/pam.d/imap
#%PAM-1.0
#auth optional /lib/security/pam_mysql.so user=cyrus \
# passwd=cypass host=127.0.0.1 db=email table=popusers usercolumn=alias \
# domaincolumn=domain passwdcolumn=password crypt=0 use_relay_ip=1
#password required /lib/security/pam_mysql.so user=cyrus \
# passwd=cypass host=127.0.0.1 db=email table=popusers usercolumn=alias \
# domaincolumn=domain passwdcolumn=password crypt=0 use_relay_ip=1
auth sufficient pam_mysql.so user=cyrus passwd=cypass host=localhost \
db=email table=popusers usercolumn=alias \
passwdcolumn=password crypt=0
account required pam_mysql.so user=cyrus passwd=cypass host=localhost \
db=email table=popusers usercolumn=alias \
passwdcolumn=password crypt=0
3. [root@mailtx1 lib]# testsaslauthd -u cyrus -p PASSWORD -s imap
0: OK "Success."
So I think I got the sasl+pam+mysql part working (but I could be wrong,
I'm pretty new to the whole cyrus world :D)
Now, my problem is that I cannot for the life of me get cyradm working.
Here is the imapd.conf:
configdirectory: /cyrus/imap
partition-default: /cyrus/spool
defaultacl: lrswipcd
admins: cyrus@domainZ=com cyrus@domainZ.com cyrus
allowanonymouslogin: no
timeout: 400
plaintextloginpause: 0
quotawarn: 90
autocreatequota: 50000
singleinstancestore: yes
drachost: localhost
dracinterval: 600
#sasl_pwcheck_method: pam
sasl_pwcheck_method: saslauthd
loginrealms: all
sasl_auxprop_plugin: mysqlauxprop
sasl_mysql_user: cyrus
sasl_mysql_passwd: cypass
sasl_mysql_hostnames: localhost
sasl_mysql_database: email
sasl_mysql_statement: select password from popusers where alias='%u' and domain='%r'
#sasl_mysql_statement: select md5(password) from popusers where alias='%u' and domain='%r'
sasl_mysql_verbose: yes
allowplaintext: yes
#sasl_mech_list: PLAIN
sieveusehomedir: false
sievedir: /usr/local/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
partition-0: /cyrus/spool/0
partition-1: /cyrus/spool/1
# ... and so on ...
----------------
Here is the table structure for popusers:
mysql> select * from popusers where alias = 'cyrus';
+----------+---------+-------+-------------+----------------+
| clientid | emailid | alias | domain | password |
+----------+---------+-------+-------------+----------------+
| 4877 | 2301 | cyrus | domainZ.com | PASSWORd |
+----------+---------+-------+-------------+----------------+
1 row in set (0.01 sec)
and here's when I try cyradm:
[root@mailtx1 lib]# cyradm -u cyrus localhost
Password:
cyradm: cannot authenticate to server with as cyrus
where I used the above mentioned password.
This is what I get in the log:
Jun 27 04:18:39 mailtx1 master[691]: about to exec /usr/lib/cyrus-imapd/imapd
Jun 27 04:18:39 mailtx1 imap[691]: executed
Jun 27 04:18:39 mailtx1 imap[691]: sql_select option missing
Jun 27 04:18:39 mailtx1 imap[691]: auxpropfunc error no mechanism available
Jun 27 04:18:39 mailtx1 imap[691]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jun 27 04:18:39 mailtx1 imap[691]: accepted connection
Jun 27 04:18:39 mailtx1 imap[691]: DIGEST-MD5 server step 1
Jun 27 04:18:39 mailtx1 perl: DIGEST-MD5 client step 2
Jun 27 04:18:43 mailtx1 imap[691]: DIGEST-MD5 server step 2
Jun 27 04:18:43 mailtx1 imap[691]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 27 04:18:43 mailtx1 imap[691]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 27 04:18:43 mailtx1 imap[691]: no secret in database
Jun 27 04:18:43 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Jun 27 04:18:46 mailtx1 perl: GSSAPI Error: Miscellaneous failure (No credentials cache found)
Jun 27 04:18:46 mailtx1 perl: NTLM client step 1
Jun 27 04:18:46 mailtx1 imap[691]: NTLM server step 1
Jun 27 04:18:46 mailtx1 imap[691]: client flags: 207
Jun 27 04:18:46 mailtx1 perl: NTLM client step 2
Jun 27 04:18:46 mailtx1 imap[691]: bad userid authenticated
Jun 27 04:18:46 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
Jun 27 04:18:49 mailtx1 perl: No worthy mechs found
I would really appreciate any tips/pointers/help on how to debug/fix
this further.
Thank you very much,
Alex
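
Added example (not part of the original post, and not Cyrus project code): a small triage script run over the imapd.conf options and syslog lines quoted above, correlating the failed SASL mechanisms with the configured password-check path. It assumes two facts about Cyrus SASL 2.1.x: saslauthd can only verify cleartext-password mechanisms (PLAIN, LOGIN), and the SQL auxprop plugin is named sql and reads sasl_sql_* options in imapd.conf. The finding labels and function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the syslog excerpt in the post.
LOG = """\
Jun 27 04:18:39 mailtx1 imap[691]: sql_select option missing
Jun 27 04:18:39 mailtx1 imap[691]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jun 27 04:18:43 mailtx1 imap[691]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 27 04:18:43 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Jun 27 04:18:46 mailtx1 imap[691]: badlogin: localhost [127.0.0.1] CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
"""
# Constructed sample: SASL-related lines from the posted imapd.conf.
CONF = """\
sasl_pwcheck_method: saslauthd
sasl_auxprop_plugin: mysqlauxprop
sasl_mysql_statement: select password from popusers where alias='%u' and domain='%r'
#sasl_mech_list: PLAIN
"""
# Assumption from the lead-in: saslauthd only checks cleartext passwords.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_conf(text):
    """Return the active 'key: value' options, skipping commented lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def triage(conf_text, log_text):
    """Return (label, detail) findings explaining the failed logins."""
    opts, findings = parse_conf(conf_text), []
    failed = set(re.findall(r"badlogin: \S+ \[[^\]]*\] (\S+) \[SASL", log_text))
    secret_mechs = sorted(failed - PLAINTEXT_MECHS)
    if opts.get("sasl_pwcheck_method") == "saslauthd" and secret_mechs:
        # Shared-secret mechanisms bypass saslauthd and need an auxprop store.
        findings.append(("mech-needs-auxprop", secret_mechs))
    missing = sorted(set(re.findall(r"searching for '([^']+)'", log_text)))
    if missing:
        findings.append(("auxprop-plugin-not-found", missing))
    stale = sorted(k for k in opts if k.startswith("sasl_mysql_"))
    if "sql_select option missing" in log_text and "sasl_sql_select" not in opts:
        findings.append(("sql-plugin-unconfigured", stale))
    if "sasl_mech_list" not in opts:
        # With no mech list the server offers every loaded mechanism.
        findings.append(("mech-list-unrestricted", []))
    return findings
```

Calling triage(CONF, LOG) returns four findings for the posted setup; a configuration that keeps saslauthd and sets sasl_mech_list to PLAIN LOGIN returns none.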