Re: Cyrus sasl authentication problem

From: Ken Murchison (no email)
Date: Thu Dec 16 2004 - 14:36:58 EST

  • Next message: Champaka Guruge: "cyrus pop with shadow passwords"

    Wilson, Dave wrote:

    > saslauthd is running as root.
    > However, I have passwords in /etc/shadow.
    > Will it not work this way?

    It will, but you need to use the '-a shadow' rather than '-a getpwent'.

    >
    >>-----Original Message-----
    >>From: Ken Murchison [mailto:]
    >>Sent: Thursday, December 16, 2004 11:06 AM
    >>To: Wilson, Dave
    >>Cc:
    >>Subject: Re: Cyrus sasl authentication problem
    >>
    >>
    >>Wilson, Dave wrote:
    >>
    >>
    >>>./saslauthd -a getpwent -d
    >>>saslauthd[6583] :main : num_procs : 5
    >>>saslauthd[6583] :main : mech_option: NULL
    >>>saslauthd[6583] :main : run_path : /var/state/saslauthd
    >>>saslauthd[6583] :main : auth_mech : getpwent
    >>>saslauthd[6583] :ipc_init : using accept lock file:
    >>
    >>/var/state/saslauthd/mux.accept
    >>
    >>>saslauthd[6583] :detach_tty : master pid is: 0
    >>>saslauthd[6583] :ipc_init : listening on socket:
    >>
    >>/var/state/saslauthd/mux
    >>
    >>>saslauthd[6583] :main : using process model
    >>>saslauthd[6583] :have_baby : forked child: 6584
    >>>saslauthd[6583] :have_baby : forked child: 6585
    >>>saslauthd[6583] :have_baby : forked child: 6586
    >>>saslauthd[6583] :have_baby : forked child: 6587
    >>>saslauthd[6583] :get_accept_lock : acquired accept lock
    >>>saslauthd[6583] :rel_accept_lock : released accept lock
    >>>saslauthd[6584] :get_accept_lock : acquired accept lock
    >>>saslauthd[6583] :do_auth : auth failure: [user=pcs]
    >>
    >>[service=imap] [realm=] [mech=getpwent]
    >>
    >>>[reason=Unknown]
    >>>saslauthd[6583] :do_request : response: NO
    >>
    >>I assume that you are running saslauthd as root, that /etc/passwd is
    >>readable by root and that you actually have passwords in
    >>/etc/passwd (as
    >>opposed to /etc/shadow)?
    >>
    >>
    >>
    >>>
    >>>>-----Original Message-----
    >>>>From: Ken Murchison [mailto:]
    >>>>Sent: Thursday, December 16, 2004 10:45 AM
    >>>>To: Wilson, Dave
    >>>>Cc:
    >>>>Subject: Re: Cyrus sasl authentication problem
    >>>>
    >>>>
    >>>>Wilson, Dave wrote:
    >>>>
    >>>>
    >>>>
    >>>>>This didn't work either:
    >>>>
    >>>>What does the SASL debug log look like?
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>>./imtest -m login -a pcs localhost
    >>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
    >>>>>C: C01 CAPABILITY
    >>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
    >>>>
    >>>>MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_
    >>>>
    >>>>
    >>>>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
    >>>>
    >>>>THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMOR
    >>>>
    >>>>
    >>>>>E IDLE
    >>>>>S: C01 OK Completed
    >>>>>Please enter your password:
    >>>>>C: L01 LOGIN pcs {3}
    >>>>>S: + go ahead
    >>>>>C: <omitted>
    >>>>>S: L01 NO Login failed: no mechanism available
    >>>>>Authentication failed. generic failure
    >>>>>Security strength factor: 0
    >>>>>
    >>>>>This is my imapd.conf:
    >>>>>
    >>>>>configdirectory: /u01/imap
    >>>>>partition-default: /u01/spool/imap
    >>>>>admins: pcs root
    >>>>>sasl_pwcheck_method: saslauthd
    >>>>>sasl_mech_list: PLAIN
    >>>>>allowplaintext: 1
    >>>>>defaultdomain: pactolus
    >>>>>imapidlepoll: 15
    >>>>>
    >>>>>I have saslauthd running: ./saslauthd -a getpwent
    >>>>>
    >>>>>Any other ideas?
    >>>>>
    >>>>>Dave
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>>-----Original Message-----
    >>>>>>From: Ken Murchison [mailto:]
    >>>>>>Sent: Thursday, December 16, 2004 9:53 AM
    >>>>>>To: Wilson, Dave
    >>>>>>Cc: ''
    >>>>>>Subject: Re: Cyrus sasl authentication problem
    >>>>>>
    >>>>>>
    >>>>>>Wilson, Dave wrote:
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>I'm using Cyrus with sasl, using auth method getpwent:
    >>>>>>>
    >>>>>>>./saslauthd -d -a getpwent
    >>>>>>>
    >>>>>>>I then use imtest:
    >>>>>>>
    >>>>>>>./imtest -m login -u pcs localhost
    >>>>>>
    >>>>>>This should be:
    >>>>>>
    >>>>>>./imtest -m login -a pcs localhost
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
    >>>>>>>C: C01 CAPABILITY
    >>>>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
    >>>>
    >>>>MAILBOX-REFERRALS
    >>>>
    >>>>
    >>>>>>>NAMESPACE UIDPLUS ID NO_ATOMIC_
    >>>>>>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
    >>>>>>
    >>>>>>THREAD=ORDEREDSUBJECT
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>THREAD=REFERENCES ANNOTATEMOR
    >>>>>>>E IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
    >>>>>>>S: C01 OK Completed
    >>>>>>>Please enter your password:
    >>>>>>>C: L01 LOGIN root {3}
    >>>>>>>S: + go ahead
    >>>>>>>C: <omitted>
    >>>>>>>S: L01 NO Login failed: authentication failure
    >>>>>>>Authentication failed. generic failure
    >>>>>>>Security strength factor: 0
    >>>>>>>
    >>>>>>>The debug log from sasl is:
    >>>>>>>
    >>>>>>>saslauthd[5293] :main : num_procs : 5
    >>>>>>>saslauthd[5293] :main : mech_option: NULL
    >>>>>>>saslauthd[5293] :main : run_path :
    >>>>
    >>>>/var/state/saslauthd
    >>>>
    >>>>
    >>>>>>>saslauthd[5293] :main : auth_mech : getpwent
    >>>>>>>saslauthd[5293] :ipc_init : using accept lock file:
    >>>>>>>/var/state/saslauthd/mux.accept
    >>>>>>>saslauthd[5293] :detach_tty : master pid is: 0
    >>>>>>>saslauthd[5293] :ipc_init : listening on socket:
    >>>>>>>/var/state/saslauthd/mux
    >>>>>>>saslauthd[5293] :main : using process model
    >>>>>>>saslauthd[5293] :have_baby : forked child: 5294
    >>>>>>>saslauthd[5293] :have_baby : forked child: 5295
    >>>>>>>saslauthd[5293] :have_baby : forked child: 5296
    >>>>>>>saslauthd[5293] :have_baby : forked child: 5297
    >>>>>>>saslauthd[5293] :get_accept_lock : acquired accept lock
    >>>>>>>saslauthd[5293] :rel_accept_lock : released accept lock
    >>>>>>>saslauthd[5294] :get_accept_lock : acquired accept lock
    >>>>>>>saslauthd[5293] :do_auth : auth failure:
    >>>>>>
    >>>>>>[user=root] [service=imap]
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>[realm=] [mech=getpwent]
    >>>>>>>[reason=Unknown]
    >>>>>>>saslauthd[5293] :do_request : response: NO
    >>>>>>>saslauthd[5294] :rel_accept_lock : released accept lock
    >>>>>>>saslauthd[5295] :get_accept_lock : acquired accept lock
    >>>>>>>saslauthd[5294] :do_auth : auth failure:
    >>>>>>
    >>>>>>[user=root] [service=imap]
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>[realm=] [mech=getpwent]
    >>>>>>>[reason=Unknown]
    >>>>>>>saslauthd[5294] :do_request : response: NO
    >>>>>>>
    >>>>>>>Why does this have user=root? More generally, why is the
    >>>>>>
    >>>>>>authentication
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>>failing?
    >>>>>>>
    >>>>>>>Thanks
    >>>>>>>Dave
    >>>>>>>
    >>>>>>>---
    >>>>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    >>>>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    >>>>>>>List Archives/Info:
    >>
    >>http://asg.web.cmu.edu/cyrus/mailing-list.html
    >>
    >>>>>>
    >>>>>>--
    >>>>>>Kenneth Murchison Oceana Matrix Ltd.
    >>>>>>Software Engineer 21 Princeton Place
    >>>>>>716-662-8973 x26 Orchard Park, NY 14127
    >>>>>>--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
    >>>>>>
    >>>>>
    >>>>>
    >>>>>---
    >>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    >>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    >>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    >>>>>
    >>>>
    >>>>
    >>>>--
    >>>>Kenneth Murchison Oceana Matrix Ltd.
    >>>>Software Engineer 21 Princeton Place
    >>>>716-662-8973 x26 Orchard Park, NY 14127
    >>>>--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
    >>>>
    >>>
    >>>
    >>>---
    >>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    >>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    >>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    >>>
    >>
    >>
    >>--
    >>Kenneth Murchison Oceana Matrix Ltd.
    >>Software Engineer 21 Princeton Place
    >>716-662-8973 x26 Orchard Park, NY 14127
    >>--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
    >>
    >
    >
    > ---
    > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    >

    -- 
    Kenneth Murchison     Oceana Matrix Ltd.
    Software Engineer     21 Princeton Place
    716-662-8973 x26      Orchard Park, NY 14127
    --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
    ---
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    

  • Next message: Champaka Guruge: "cyrus pop with shadow passwords"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD