cyrus + sasl + pam + mysql problem

Rudy Gevaert Rudy.Gevaert at UGent.be
Thu Mar 2 05:56:20 EST 2006


Hello,

I have tried to set up cyrus with passwords in mysql.  I only have the 
password in crypt format.

I'm using debian sarge, but the cyrus is compiled from source.

I thought I could do this the following way:

1) configure sasl so that it uses pam for authentication
2) configure pam so that it uses mysql for imap authentication

This works:
I start saslauthd with: /usr/sbin/saslauthd -a pam

Pam config:

rood:/etc# cat /etc/pam.d/imap
auth sufficient pam_mysql.so user=x passwd=x host=localhost \
     db=mail table=accountuser usercolumn=username \
     passwdcolumn=password crypt=1
account required pam_mysql.so user=x passwd=x host=localhost \
     db=mail table=accountuser usercolumn=username \
     passwdcolumn=password crypt=1

I can test that this works with testsaslauthd:

rood:/etc# testsaslauthd  -u rgevaert -p pass
0: OK "Success

I can see that mysql is executing queries in the mysql log.

For the third step I tried:

a) Configure cyrus to use sasl with mysql.  I am very confused here.

On the internet I find a page that says I have to patch sasl so that it 
can use encrypted passwords:
http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/

Is this true?  Because:

An imapd.conf with

sasl_mech_list: PLAIN
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN
sasl_sql_hostnames: localhost
sasl_sql_user: mail
sasl_sql_passwd: x
sasl_sql_database: mail
sasl_sql_verbose: yes
sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u'

Makes connection to the mysql database but it fails:

Mar  2 11:23:07 rood imaps[14528]: badlogin: pimp.ugent.be 
[157.193.44.68] PLAIN [SASL(-13): authentication failure: Password 
verification failed]

So this doesn't work... why?

b) Then I tried to configure cyrus to use pam (that then uses mysql)

pwcheck_method: PAM

Mar  2 11:55:14 rood imaps[14666]: sql_select option missing
Mar  2 11:55:14 rood imaps[14666]: auxpropfunc error no mechanism available
Mar  2 11:55:14 rood imaps[14666]: _sasl_plugin_load failed on 
sasl_auxprop_plug_init for plugin: sql
Mar  2 11:55:15 rood imaps[14666]: OTP unavailable because can't 
read/write key database /etc/opiekeys: No such file or directory
Mar  2 11:55:16 rood imaps[14666]: DIGEST-MD5 server step 1
Mar  2 11:55:18 rood imaps[14666]: DIGEST-MD5 server step 2
Mar  2 11:55:18 rood imaps[14666]: no secret in database


I don't see any mysql queries executed.

Some questions about this log:
* why doesn't it complain about sql, I haven't anything in the config 
that says use the sql module
* so clearly the password verification fails


If somebody could give me some pointers, it would be very much appreciated!

Rudy

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert                             e-mail: Rudy.Gevaert at UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen                                      tel: +32 9 264 4734
Universiteit Gent / Ghent University                fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
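
Added example (not part of the original post and not Cyrus SASL code): a simplified model of why a one-way password hash in the database verifies through a hash-and-compare path such as saslauthd with PAM and `crypt=1`, but fails when the stored column is used as the secret itself, as with an auxprop lookup or DIGEST-MD5. The salted SHA-256 stand-in for crypt(3), all function names, and the sample user and nonces are assumptions constructed for illustration.

```python
import hashlib
import hmac

def one_way(password: str, salt: str) -> str:
    """Stand-in for crypt(3) (assumption): salted one-way hash, 'salt$digest'."""
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()

def auxprop_plain_check(supplied: str, db_value: str) -> bool:
    """auxprop model: the stored column is treated as the password itself."""
    return hmac.compare_digest(supplied.encode(), db_value.encode())

def hash_and_compare_check(supplied: str, db_value: str) -> bool:
    """saslauthd/PAM model: re-hash the supplied password with the stored salt."""
    salt = db_value.split("$", 1)[0]
    return hmac.compare_digest(one_way(supplied, salt).encode(), db_value.encode())

def _md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_md5_response(user, realm, secret, nonce, cnonce, uri) -> str:
    """RFC 2831 response for qop=auth, nc=00000001, no authzid."""
    a1 = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    return _md5hex(f"{_md5hex(a1)}:{nonce}:00000001:{cnonce}:auth:{_md5hex(a2)}".encode())

# Constructed sample data (not taken from the post)
USER, REALM, PASSWORD = "alice", "example.org", "correct horse"
DB_VALUE = one_way(PASSWORD, "ab")          # what the password column holds
NONCE, CNONCE, URI = "srv-nonce-1", "cli-nonce-1", "imap/example.org"

def run_demo() -> dict:
    # The client derives its response from the real password; a server that
    # only has the hash can at best plug the hash in as the "secret".
    client = digest_md5_response(USER, REALM, PASSWORD, NONCE, CNONCE, URI)
    server = digest_md5_response(USER, REALM, DB_VALUE, NONCE, CNONCE, URI)
    return {
        "plain_via_auxprop": auxprop_plain_check(PASSWORD, DB_VALUE),
        "plain_via_hash_compare": hash_and_compare_check(PASSWORD, DB_VALUE),
        "wrong_password_rejected": not hash_and_compare_check("guess", DB_VALUE),
        "digest_md5_matches": hmac.compare_digest(client.encode(), server.encode()),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

With only one-way hashes stored, the mechanisms that can succeed are those that hand the server the plaintext password (PLAIN, LOGIN), which is why they need TLS underneath.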

