Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

Andrey andrew_dev at hotmail.com
Fri Mar 7 16:02:30 EST 2014


This was very helpful:

sasl_auxprop_plugin: sasldb

But it works only in combination with:
sasl_pwcheck_method: saslauth

I can now log in to default domain as user password via Windows Live Mail 
(WLM) and send/receive e-mails.
And I succeed on testsaslauthd.

However, the user in sasldb with name info at domain2.tld cannot login.

in /etc/default/saslauthd

OPTIONS="-c -m /var/run/saslauthd -rVd"

root at srv01:~# sasldblistusers2
cyrus at srv01: userPassword
info at domain2.tld: userPassword
andrey at srv01: userPassword

root at srv01:~#testsaslauthd -u info at domain2.tld -p Pa77w0rd
0: NO "authentication failed"


root at srv01:~# service saslauthd restart
* Stopping SASL Authentication Daemon saslauthd                         [ OK ]
* Starting SASL Authentication Daemon saslauthd 
saslauthd[8891] :main            : num_procs  : 5
saslauthd[8891] :main            : mech_option: NULL
saslauthd[8891] :main            : run_path   : /var/run/saslauthd
saslauthd[8891] :main            : auth_mech  : sasldb
saslauthd[8891] :cache_alloc_mm  : mmaped shared memory segment on file: 
saslauthd[8891] :cache_init      : bucket size: 96 bytes
saslauthd[8891] :cache_init      : stats size : 36 bytes
saslauthd[8891] :cache_init      : timeout    : 28800 seconds
saslauthd[8891] :cache_init      : cache table: 985828 total bytes
saslauthd[8891] :cache_init      : cache table: 1711 slots
saslauthd[8891] :cache_init      : cache table: 10266 buckets
saslauthd[8891] :cache_init_lock : flock file opened at 
saslauthd[8891] :ipc_init        : using accept lock file: 
saslauthd[8891] :detach_tty      : master pid is: 0
saslauthd[8891] :ipc_init        : listening on socket: 
saslauthd[8891] :main            : using process model
saslauthd[8891] :have_baby       : forked child: 8892
saslauthd[8892] :get_accept_lock : acquired accept lock
saslauthd[8891] :have_baby       : forked child: 8893
saslauthd[8891] :have_baby       : forked child: 8894
saslauthd[8891] :have_baby       : forked child: 8895
saslauthd[8892] :rel_accept_lock : released accept lock
saslauthd[8892] :cache_get_rlock : attempting a read lock on slot: 1130
saslauthd[8892] :cache_lookup    : [login=info at domain2.tld] [service=] [realm=imap]: not found, update pending
saslauthd[8892] :cache_un_lock   : attempting to release lock on slot: 1130
saslauthd[8893] :get_accept_lock : acquired accept lock
saslauthd[8892] :do_auth         : auth failure: [user=info at domain2.tld] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
saslauthd[8892] :do_request      : response: NO

I tested it from WLM and got an error too...

Thank you

-----Original Message-----
From: Dan White
Sent: Friday, March 7, 2014 6:01 PM
To: Andrey
Cc: info-cyrus at lists.andrew.cmu.edu
Subject: Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

On 03/07/14 17:13 +0100, Andrey wrote:
>Hi everyone,
>I am stuck. I would like to use in my test environment virtual domains and 
>I have 2 domains. The users from default domain I can via sasl and pam 
>authenticate without problem. I use in my mail software credentials like 
>user password.
>Now I don’t want to use pam mechanism, but sasldb. See hereunder my 

saslauthd, with default compile options, does not contain support for
sasldb. It is recommended to use the sasldb auxprop plugin in this scenario
rather than saslauthd. Configure /etc/imapd.conf with:

sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: auxprop

>#chroot Postfix
>OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>#only sasl/virtual related config info!
>mydomain = domain.tld
>myhostname = mail.domain.tld
>mydestination = mail.domain.tld, domain.tld, localhost.domain.tld, 
>mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

Configure your postfix smtpd.conf with:

auxprop_plugin: sasldb
pwcheck_method: auxprop

The sasldb database is typically contained in /etc, and not underneath
the Postfix chroot. Either disable chrooting of smtpd in
/etc/postfix/master.cf, or configure an appropriate 'sasl_sasldb_path' in
/etc/imapd.conf, and a 'sasldb_path' in your postfix smtpd.conf file. If
you continue to chroot postfix, you will also need to specify the location
of the sasldb database with 'saslpasswd2 -f <path>'.

>#only sasl/virtual related config info!
>allowplaintext: yes
>sasl_mech_list: PLAIN
>loginrealms: domain.tld,domain2.tld
>virtdomains: userid
>defaultdomain: domain.tld
>sasl_pwcheck_method: saslauthd
>sasl_auto_transition: no
>Then I did following steps:
>saslpasswd2 -u domain.tld info
>testsaslauthd -u info -r domain.tld -p Pa77w0rd
>0: OK "Success."
>testsaslauthd -u info at domain.tld -p Pa77w0rd
>0: NO "authentication failed"

With saslauthd, you may wish to experiment with the '-r' option
(/etc/default/saslauthd OPTIONS).

Dan White 
