Cyrus+SASL+PAM+pam_mysql Migration problem

Alexandru E. Ungur alexandru at globalterrasoft.ro
Wed Jun 28 13:43:11 EDT 2006


>>> sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 07:13:40PM +0200" <<<EOQ
> Make that 'cyradm -user cyrus -auth login localhost'

Thank you! :)
I did that, here's what happened:

==== FIRST, I used the old pam_mysql 0.4.5 that was on the old server,
thought it might make a difference. It didn't. =============================
[root@mailtx1 etc]# cyradm -user cyrus -auth login localhost
IMAP Password:
              Login failed: generic failure at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with login as cyrus

[root@mailtx1 etc]# tail /var/log/debug
Jun 28 05:30:56 mailtx1 master[14836]: about to exec /usr/lib/cyrus-imapd/imapd
Jun 28 05:30:56 mailtx1 imap[14836]: executed
Jun 28 05:30:56 mailtx1 imap[14836]: sql_select option missing
Jun 28 05:30:56 mailtx1 imap[14836]: auxpropfunc error no mechanism available
Jun 28 05:30:56 mailtx1 imap[14836]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jun 28 05:30:56 mailtx1 imap[14836]: accepted connection
Jun 28 05:31:01 mailtx1 imap[14836]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 28 05:31:01 mailtx1 imap[14836]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 28 05:31:01 mailtx1 imap[14836]: size read failed
Jun 28 05:31:01 mailtx1 imap[14836]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass failed


==== THEN, I copied again the latest pam_mysql, which I used in all
previous tries as well ====================================================
[root@mailtx1 etc]# cp /usr/src/pam_mysql-0.7RC1/.libs/pam_mysql.so /lib/security/

[root@mailtx1 etc]# cyradm -user cyrus -auth login localhost
IMAP Password:
              Login failed: authentication failure at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with login as cyrus

[root@mailtx1 etc]# tail /var/log/debug
Jun 28 05:33:16 mailtx1 master[14847]: about to exec /usr/lib/cyrus-imapd/imapd
Jun 28 05:33:16 mailtx1 imap[14847]: executed
Jun 28 05:33:16 mailtx1 imap[14847]: sql_select option missing
Jun 28 05:33:16 mailtx1 imap[14847]: auxpropfunc error no mechanism available
Jun 28 05:33:16 mailtx1 imap[14847]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Jun 28 05:33:16 mailtx1 imap[14847]: accepted connection
Jun 28 05:33:24 mailtx1 imap[14847]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 28 05:33:24 mailtx1 imap[14847]: could not find auxprop plugin, was searching for 'mysqlauxprop'
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - option verbose is set to "1"
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_close_db() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_sm_authenticate() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_open_db() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_open_db() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_format_string() called
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_quick_escape() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - SELECT password FROM popusers WHERE alias = 'cyrus'
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() returning 6.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_sql_log() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_sql_log() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_converse() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_open_db() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_format_string() called
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_quick_escape() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - SELECT password FROM popusers WHERE alias = 'cyrus'
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_sql_log() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_sql_log() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_sm_authenticate() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: DEBUG: auth_pam: pam_acct_mgmt failed: User account has expired
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_release_ctx() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_destroy_ctx() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_close_db() called.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: do_auth         : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM acct error]
Jun 28 05:33:24 mailtx1 imap[14847]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed
==============================================================================

I used no realm, 'cyrus' is the only user with that name in the table so
for the purpose of this test, it wouldn't have made any difference, it
should still return one and only one row.
Besides, I didn't yet figure out how to make pam_mysql take the domain 
into account, when the domain is in a different field. I don't even think 
it is possible without patching pam_mysql... though I'd be glad to be wrong :)


Thank you!
Alex
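
Added example, not part of the original post: a small triage script that reads saslauthd/pam_mysql debug lines like those in the second log above and reports which PAM stage rejected the login. In that log `pam_sm_authenticate()` returns 0 and the failure comes from `pam_acct_mgmt`. The function name `triage` and the verdict fields are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the second /var/log/debug excerpt in the post.
SAMPLE = """\
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() returning 6.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_mysql_check_passwd() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: pam_mysql - pam_sm_authenticate() returning 0.
Jun 28 05:33:24 mailtx1 saslauthd[14852]: DEBUG: auth_pam: pam_acct_mgmt failed: User account has expired
Jun 28 05:33:24 mailtx1 saslauthd[14852]: do_auth         : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM acct error]
"""

LINE = re.compile(r"saslauthd\[(\d+)\]: (.*)$")
AUTH_RET = re.compile(r"pam_sm_authenticate\(\) returning (\d+)")
ACCT_FAIL = re.compile(r"pam_acct_mgmt failed: (.+)")
DO_AUTH = re.compile(
    r"auth failure: \[user=([^\]]*)\] \[service=([^\]]*)\].*\[reason=([^\]]*)\]")

def triage(log_text):
    """Return one verdict dict per saslauthd 'auth failure' line."""
    state = defaultdict(dict)  # per-PID facts collected since the last verdict
    verdicts = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a saslauthd line (imapd, master, ...)
        pid, msg = m.group(1), m.group(2)
        if (a := AUTH_RET.search(msg)):
            state[pid]["auth_rc"] = int(a.group(1))  # 0 is PAM_SUCCESS
        elif (c := ACCT_FAIL.search(msg)):
            state[pid]["acct_error"] = c.group(1).strip()
        elif (d := DO_AUTH.search(msg)):
            s = state.pop(pid, {})
            if s.get("auth_rc") == 0 and "acct_error" in s:
                stage = "account"  # password accepted, account check refused
            elif s.get("auth_rc") not in (None, 0):
                stage = "auth"     # the password check itself failed
            else:
                stage = "unknown"  # not enough debug lines to decide
            verdicts.append({"user": d.group(1), "service": d.group(2),
                             "reason": d.group(3), "stage": stage,
                             "detail": s.get("acct_error")})
    return verdicts

if __name__ == "__main__":
    for v in triage(SAMPLE):
        print(v)
```

A verdict with stage `account` points at the `account` lines of the PAM service file used for `imap` rather than at the password query.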