Hello list, I am trying to use MySQL as an authentication backend for SASL
I am folowing directions from The Book of Postfix but I am stack in authentication testing.
Can somebody help me with it please?
Errors:
MySQL query log:
---------------
1033 Connect Access denied for user: 'postfix@localhost' (Using password: YES)
/var/log/auth: I understand that this is a fallback mecganisms
--------------
Apr 26 22:38:36 ced lt-server: sql_select option missing
Apr 26 22:38:36 ced lt-server: auxpropfunc error no mechanism available
Apr 26 22:38:36 ced lt-server: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Apr 26 22:32:55 ced lt-server: unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 26 22:32:55 ced lt-server: unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 26 22:32:55 ced lt-server: Password verification failed
Details:
ls /usr/local/lib/sasl2 -> seems that I could compile SASL w/ MySQL support?
-----------------------
libanonymous.la libcrammd5.so.2.0.21
liblogin.so.2 libsasldb.la libsql.so.2
libanonymous.so libdigestmd5.la liblogin.so.2.0.21 libsasldb.so libsql.so.2.0.19
libanonymous.so.2 libdigestmd5.so libplain.la libsasldb.so.2 libsql.so.2.0.21
libanonymous.so.2.0.21 libdigestmd5.so.2 libplain.so libsasldb.so.2.0.19
libcrammd5.la libdigestmd5.so.2.0.21 libplain.so.2 libsasldb.so.2.0.21
libcrammd5.so liblogin.la libplain.so.2.0.19
libsql.la
libcrammd5.so.2 liblogin.so libplain.so.2.0.21 libsql.so
/usr/lib/sasl2/smtp.conf & sample.conf
--------------------------------------
# Global parameter
log_level: 3
# Password verification service
pwcheck_method: auxprop
# SMTP AUTH mechanisms
mech_list: PLAIN LOGIN CRAM_MD5
# auxiliary plugin parameters -> mysql password backend
auxprop_plugin: sql
sql_engine: mysql
sql_hostname: localhost
sql_database: smtpauthdb
sql_user: postfix
sql_passwd:
sql_select: SELECT %p FROM users WHERE username = '%u' AND userrealm = '%r' and auth = '1'
sql_usessl: no
server / client output
---------------------
# sh server -s rcmd -p 8000
trying 10, 1, 6
socket: Address family not supported by protocol
trying 2, 1, 6
accepted new connection
send: {41}
ANONYMOUS LOGIN DIGEST-MD5 CRAM-MD5 PLAIN
recv: {5}
PLAIN
recv: {1}
Y
recv: {18}
test[0]test[0]testpass
starting SASL negotiation: user not foundclosing connection
# sh client -s rcmd -p 8000 -m PLAIN
127.0.0.1
receiving capability list... recv: {41}
ANONYMOUS LOGIN DIGEST-MD5 CRAM-MD5 PLAIN
ANONYMOUS LOGIN DIGEST-MD5 CRAM-MD5 PLAIN
please enter an authentication id: test
please enter an authorization id: test
Password:
send: {5}
PLAIN
send: {1}
Y
send: {18}
test[0]test[0]testpass
authentication failed
closing connection
Compile options
---------------
export CPPFLAGS="-I/usr/include/mysql" &&
./configure \
--prefix=/usr/local/sasl2 \
--enable-sample \
--enable-shared=yes \
--enable-fast-install=yes \
--disable-static \
--disable-cmulocal \
--disable-java \
--disable-alwaystrue \
--disable-libtool-lock \
--disable-staticdlopen \
--disable-checkapop \
--enable-cram \
--enable-plain \
--enable-login \
--disable-anon \
--disable-digest \
--disable-krb4 \
--disable-gssapi \
--disable-ntlm \
--disable-otp \
--disable-srp \
--disable-srp-setpass \
--enable-sql \
--with-mysql \
--with-plugindir=/usr/local/lib/sasl2 \
--with-des=yes \
--with-rc4 \
--with-openssl=/usr/bin/openssl \
--without-pam \
--without-dbpath \
--without-dblib \
--without-bdb-libdir \
--without-bdb-incdir \
--without-pwcheck \
--without-dmalloc \
--without-sfio \
--without-opie \
--without-ldap \
--without-javabase \
--without-gdbm \
--without-gnu-ld \
--without-purecov \
--without-purify \
--without-authdaemon \
--with-saslauthd=no \
--without-ipctype &&