Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

Andrey andrew_dev at hotmail.com
Fri Mar 7 16:02:30 EST 2014


Hi

this was very helpful:

sasl_auxprop_plugin: sasldb

But it works only in combination with:
sasl_pwcheck_method: saslauth

I can now log in to default domain as user password via Windows live mail 
(WLM) and send/receive e-mails.
And I succeed on testsaslauthd.

However, the user in sasldb with name info at domain2.tld cannot log in.


in /etc/default/saslauthd

START=yes
MECHANISMS="sasldb"
THREADS=5
OPTIONS="-c -m /var/run/saslauthd -rVd"


root at srv01:~# sasldblistusers2
cyrus at srv01: userPassword
info at domain2.tld: userPassword
andrey at srv01: userPassword

root at srv01:~#testsaslauthd -u info at domain2.tld -p Pa77w0rd
0: NO "authentication failed"

Debug:

root at srv01:~# service saslauthd restart
* Stopping SASL Authentication Daemon saslauthd                         [ OK ]
* Starting SASL Authentication Daemon saslauthd
saslauthd[8891] :main            : num_procs  : 5
saslauthd[8891] :main            : mech_option: NULL
saslauthd[8891] :main            : run_path   : /var/run/saslauthd
saslauthd[8891] :main            : auth_mech  : sasldb
saslauthd[8891] :cache_alloc_mm  : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
saslauthd[8891] :cache_init      : bucket size: 96 bytes
saslauthd[8891] :cache_init      : stats size : 36 bytes
saslauthd[8891] :cache_init      : timeout    : 28800 seconds
saslauthd[8891] :cache_init      : cache table: 985828 total bytes
saslauthd[8891] :cache_init      : cache table: 1711 slots
saslauthd[8891] :cache_init      : cache table: 10266 buckets
saslauthd[8891] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock
saslauthd[8891] :ipc_init        : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[8891] :detach_tty      : master pid is: 0
saslauthd[8891] :ipc_init        : listening on socket: /var/run/saslauthd/mux
saslauthd[8891] :main            : using process model
saslauthd[8891] :have_baby       : forked child: 8892
saslauthd[8892] :get_accept_lock : acquired accept lock
saslauthd[8891] :have_baby       : forked child: 8893
saslauthd[8891] :have_baby       : forked child: 8894
saslauthd[8891] :have_baby       : forked child: 8895
saslauthd[8892] :rel_accept_lock : released accept lock
saslauthd[8892] :cache_get_rlock : attempting a read lock on slot: 1130
saslauthd[8892] :cache_lookup    : [login=info at domain2.tld] [service=] [realm=imap]: not found, update pending
saslauthd[8892] :cache_un_lock   : attempting to release lock on slot: 1130
saslauthd[8893] :get_accept_lock : acquired accept lock
saslauthd[8892] :do_auth         : auth failure: [user=info at domain2.tld] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
saslauthd[8892] :do_request      : response: NO


I tested it from WLM and got an error too...


Thank you


-----Original Message-----
From: Dan White
Sent: Friday, March 7, 2014 6:01 PM
To: Andrey
Cc: info-cyrus at lists.andrew.cmu.edu
Subject: Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16

On 03/07/14 17:13 +0100, Andrey wrote:
>Hi everyone,
>
>I am stuck. I would like to use in my test environment virtual domains and 
>emails.
>
>I have 2 domains. The users from default domain I can via sasl and pam 
>authenticate without problem. I use in my mail software credentials like 
>user password.
>Now I don’t want to use pam mechanism, but sasldb. See hereunder my 
>configs:
>
>/etc/default/saslauthd
>
>START=yes
>MECHANISMS="sasldb"
>MECH_OPTIONS=""
>THREADS=5

saslauthd, with default compile options, does not contain support for
sasldb. It is recommended to use the sasldb auxprop plugin in this scenario
rather than saslauthd. Configure /etc/imapd.conf with:

sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: auxprop

>#chroot Postfix
>OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
>
>/etc/postfix/main.cf
>#only sasl/virtual related config info!
>mydomain = domain.tld
>myhostname = mail.domain.tld
>mydestination = mail.domain.tld, domain.tld, localhost.domain.tld, 
>localhost
>
>mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

Configure your postfix smtpd.conf with:

auxprop_plugin: sasldb
pwcheck_method: auxprop

The sasldb database is typically contained in /etc, and not underneath
the Postfix chroot. Either disable chrooting of smtpd in
/etc/postfix/master.cf, or configure an appropriate 'sasl_sasldb_path' in
/etc/imapd.conf, and a 'sasldb_path' in your postfix smtpd.conf file. If
you continue to chroot postfix, you will also need to specify the location
of the sasldb database with 'saslpasswd2 -f <path>'.

>/etc/imapd.conf
>#only sasl/virtual related config info!
>allowplaintext: yes
>sasl_mech_list: PLAIN
>loginrealms: domain.tld,domain2.tld
>virtdomains: userid
>defaultdomain: domain.tld
>sasl_pwcheck_method: saslauthd
>sasl_auto_transition: no
>
>
>Then I did following steps:
>saslpasswd2 -u domain.tld info
>testsaslauthd -u info -r domain.tld -p Pa77w0rd
>0: OK "Success."
>testsaslauthd -u info at domain.tld -p Pa77w0rd
>0: NO "authentication failed"

With saslauthd, you may wish to experiment with the '-r' option
(/etc/default/saslauthd OPTIONS).

-- 
Dan White 
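
Added example, not part of the original thread: a check for the chroot point in the reply above, reporting whether smtpd runs chrooted according to master.cf and which sasldb file it would therefore open. The queue directory /var/spool/postfix, the database path /etc/sasldb2 and the sample master.cf are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed defaults: Postfix 2.x
# master.cf layout, queue directory /var/spool/postfix, sasldb at /etc/sasldb2.

# smtpd_chroot_flag MASTER_CF -> prints "y" if any smtpd service is chrooted.
# The chroot setting is the 5th column; in Postfix 2.x "-" means the default (y).
smtpd_chroot_flag() {
    awk '
        /^#/ || /^[ \t]/ || NF < 8 { next }   # comments, "-o" continuation lines
        $8 == "smtpd" && ($5 == "-" || $5 == "y") { found = 1 }
        END { print (found ? "y" : "n") }' "$1"
}

# effective_sasldb_path MASTER_CF QUEUE_DIR DB_PATH
# Prints the file smtpd really opens when it is configured with DB_PATH.
effective_sasldb_path() {
    if [ "$(smtpd_chroot_flag "$1")" = "y" ]; then
        printf '%s%s\n' "${2%/}" "$3"
    else
        printf '%s\n' "$3"
    fi
}

# Constructed sample master.cf (two smtpd services, the first one chrooted).
demo_dir=$(mktemp -d)
cat > "$demo_dir/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
EOF

db=$(effective_sasldb_path "$demo_dir/master.cf" /var/spool/postfix /etc/sasldb2)
echo "smtpd chrooted: $(smtpd_chroot_flag "$demo_dir/master.cf")"
echo "sasldb file smtpd will open: $db"
[ -r "$db" ] || echo "not readable here: copy the database there or set sasldb_path"
rm -rf "$demo_dir"
```

On a real host, pass /etc/postfix/master.cf as the first argument to both functions.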


