cyrus + sasl + pam + mysql problem
Rudy Gevaert
Rudy.Gevaert at UGent.be
Thu Mar 2 05:56:20 EST 2006
Hello,
I have tried to set up cyrus with passwords in mysql. I only have the
password in crypt format.
I'm using debian sarge, but the cyrus is compiled from source.
I thought I could do this the following way:
1) configure sasl so that it uses pam for authentication
2) configure pam so that it uses mysql for imap authentication
This works:
I start saslauthd with: /usr/sbin/saslauthd -a pam
Pam config:
rood:/etc# cat /etc/pam.d/imap
auth sufficient pam_mysql.so user=x passwd=x host=localhost \
db=mail table=accountuser usercolumn=username \
passwdcolumn=password crypt=1
account required pam_mysql.so user=x passwd=x host=localhost \
db=mail table=accountuser usercolumn=username \
passwdcolumn=password crypt=1
I can test that this works with testsaslauthd:
rood:/etc# testsaslauthd -u rgevaert -p pass
0: OK "Success
I can see that mysql is executing queries in the mysql log.
For the third step I tried:
a) Configure cyrus to use sasl with mysql. I am very confused here.
On the internet I find a page that says I have to patch sasl so that it
can use encrypted passwords:
http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/
Is this true? Because:
An imapd.conf with
sasl_mech_list: PLAIN
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN
sasl_sql_hostnames: localhost
sasl_sql_user: mail
sasl_sql_passwd: x
sasl_sql_database: mail
sasl_sql_verbose: yes
sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u'
Makes connection to the mysql database but it fails:
Mar 2 11:23:07 rood imaps[14528]: badlogin: pimp.ugent.be
[157.193.44.68] PLAIN [SASL(-13): authentication failure: Password
verification failed]
So this doesn't work... why?
b) Then I tried to configure cyrus to use pam (that then uses mysql)
pwcheck_method: PAM
Mar 2 11:55:14 rood imaps[14666]: sql_select option missing
Mar 2 11:55:14 rood imaps[14666]: auxpropfunc error no mechanism available
Mar 2 11:55:14 rood imaps[14666]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: sql
Mar 2 11:55:15 rood imaps[14666]: OTP unavailable because can't
read/write key database /etc/opiekeys: No such file or directory
Mar 2 11:55:16 rood imaps[14666]: DIGEST-MD5 server step 1
Mar 2 11:55:18 rood imaps[14666]: DIGEST-MD5 server step 2
Mar 2 11:55:18 rood imaps[14666]: no secret in database
I don't see any mysql queries executed.
Some questions about this log:
* why doesn't it complain about sql, I haven't anything in the config
that says use the sql module
* so clearly the password verification fails
If somebody could give me some pointers, it would be very much appreciated!
Rudy
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert e-mail: Rudy.Gevaert at UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen tel: +32 9 264 4734
Universiteit Gent / Ghent University fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
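Added example (not part of the original post, and not Cyrus SASL or pam_mysql code): a Python model of why a password column that holds only one-way hashes cannot satisfy a direct-comparison PLAIN check or DIGEST-MD5, while a hash-aware PLAIN check can. Assumptions: `toy_crypt` is a constructed salted SHA-256 stand-in for crypt(3), and the `DB` row, the password `pass` and the realm `rood` are constructed sample values.

```python
import hashlib
import hmac

def toy_crypt(password, salt):
    # Constructed stand-in for crypt(3): one-way salted hash, "salt$digest".
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"

# Constructed sample row: the password column holds only the hash.
DB = {"rgevaert": toy_crypt("pass", "ab")}

def auxprop_plain(user, password):
    # auxprop-style PLAIN check: the fetched column is treated as the
    # password itself and compared directly with what the client sent.
    stored = DB.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

def hashed_plain(user, password):
    # Hash-aware PLAIN check (the saslauthd -> PAM path): re-hash the
    # supplied password with the stored salt, then compare hashes.
    stored = DB.get(user)
    if stored is None:
        return False
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(stored, toy_crypt(password, salt))

def a1_inner(user, realm, secret):
    # Inner hash of DIGEST-MD5's A1 (RFC 2831): MD5(user:realm:passwd).
    return hashlib.md5(f"{user}:{realm}:{secret}".encode()).hexdigest()

def digest_md5_can_verify(user, realm, client_password):
    # The client hashes the cleartext; the server can only hash what it
    # has stored. With a one-way hash in the column, the values differ.
    stored = DB.get(user)
    if stored is None:
        return False
    client = a1_inner(user, realm, client_password)
    server = a1_inner(user, realm, stored)
    return hmac.compare_digest(client, server)

if __name__ == "__main__":
    print("auxprop PLAIN :", auxprop_plain("rgevaert", "pass"))
    print("hashed PLAIN  :", hashed_plain("rgevaert", "pass"))
    print("DIGEST-MD5    :", digest_md5_can_verify("rgevaert", "rood", "pass"))
```

Only the hash-aware PLAIN path returns True, consistent with the testsaslauthd success through PAM shown in the message.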