Can't get pgsql backend to work. What am I doing wrong?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am trying to get SASL to work authenticated to a postgresql database for SMTP auth with postfix. But it sasl is being very uncooperative.

basic system info
barium# uname -mrs
FreeBSD 7.0-RELEASE-p1 amd64

cyrus-sasl version: 2.1.22
postfix version: 2.5.1

One of my biggest problems is I can't find any documentation of the smtpd.conf file, but form what I've pieced together from tutorials and such I've got this.
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: pgsql
allowanonymouslogin: no
allowplaintext: yes
mech_list: LOGIN PLAIN
password_format: plaintext
sql_user: mail
sql_passwd:
sql_hostnames: localhost
sql_database: mail
sql_select: SELECT pass FROM emails_view WHERE email = '%u@%r'
log_level: 7
sql_verbose: true

If I use saslpasswd2 on an account like I get "generic failure". Does saslpasswd2 even work on sql or is it sasldb only?
barium# saslpasswd2 -a smtpd jeann@xxxxxxxxxxx
saslpasswd2: generic failure

If I run "pluginviewer -a" it only lists sasldb. Shouldn't SQL be in here?
barium# pluginviewer -a
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" ,       API version: 4
        supports store: yes

barium# pluginviewer -s
Installed SASL (server side) mechanisms are:
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
List of server plugins follows
Plugin "login" [loaded],        API version: 4
        SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS
        features:
Plugin "anonymous" [loaded],    API version: 4
        SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
        security flags: NO_PLAINTEXT
        features: WANT_CLIENT_FIRST
Plugin "plain" [loaded],        API version: 4
        SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded],    API version: 4
        SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION
Plugin "crammd5" [loaded],      API version: 4
        SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: SERVER_FIRST

Configure line
'./configure' --prefix=/usr/local  '--sysconfdir=/usr/local/etc' '--with-configdir=/usr/local/lib/sasl2:/usr/local/etc/sasl2' '--with-plugindir=/usr/local/lib/sasl2' '--with-dbpath=/usr/local/etc/sasldb2' '--includedir=/usr/local/include' '--enable-static' '--enable-auth-sasldb' '--with-rc4=openssl' '--with-saslauthd=/var/run/saslauthd' '--with-dblib=berkeley' '--with-bdb-libdir=/usr/local/lib' '--with-bdb-incdir=/usr/local/include/db41' '--with-bdb=db41' '--enable-sql' '--without-mysql' '--with-pgsql=/usr/local' '--without-sqlite' '--enable-alwaystrue' '--with-authdaemond=no' '--enable-login' '--disable-otp' '--disable-ntlm' '--enable-gssapi' '--disable-krb4' '--with-openssl=yes' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' 'amd64-portbld-freebsd7.0' 'CC=cc' 'CFLAGS=-O -pipe -march=nocona' 'CPPFLAGS=-fPIC -I/usr/local/include' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib -L/usr/local/lib' 'build_alias=amd64-portbld-freebsd7.0' 'host_alias=amd64-portbld-freebsd7.0' 'target_alias=amd64-portbld-freebsd7.0' --cache-file=.././config.cache --srcdir=.
I don't see any errors related to sql in the configure, all I get is
checking SQL... enabled

And the SQL module seems to get compiled ok.
if /bin/sh /usr/local/bin/libtool --mode=compile cc -DHAVE_CONFIG_H -I. -I. -I..  -I../include -I../lib -I../sasldb -I../include  -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include  -Wall -W -O -pipe -march=nocona -MT sql.lo -MD -MP -MF ".deps/sql.Tpo"  -c -o sql.lo `test -f 'sql.c' || echo './'`sql.c;  then mv ".deps/sql.Tpo" ".deps/sql.Plo";  else rm -f ".deps/sql.Tpo"; exit 1;  fi
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c  -fPIC -DPIC -o .libs/sql.o
sql.c: In function 'sql_auxprop_plug_init':
sql.c:1077: warning: unused parameter 'plugname'
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c -o sql.o >/dev/null 2>&1
if /bin/sh /usr/local/bin/libtool --mode=compile cc -DHAVE_CONFIG_H -I. -I. -I..  -I../include -I../lib -I../sasldb -I../include  -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include  -Wall -W -O -pipe -march=nocona -MT sql_init.lo -MD -MP -MF ".deps/sql_init.Tpo"  -c -o sql_init.lo `test -f 'sql_init.c' || echo './'`sql_init.c;  then mv ".deps/sql_init.Tpo" ".deps/sql_init.Plo";  else rm -f ".deps/sql_init.Tpo"; exit 1;  fi
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c  -fPIC -DPIC -o .libs/sql_init.o
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb -I../include -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c -o sql_init.o >/dev/null 2>&1
/bin/sh /usr/local/bin/libtool --mode=link cc  -Wall -W -O -pipe -march=nocona  -module -export-dynamic -rpath /usr/local/lib/sasl2 -rpath=/usr/lib:/usr/local/lib -L/usr/local/lib -o libsql.la   -L/usr/local/lib  -R/usr/local/lib -lpq  -version-info 2:22:0 sql.lo sql_init.lo plugin_common.lo
cc -shared  .libs/sql.o .libs/sql_init.o .libs/plugin_common.o  -Wl,--rpath -Wl,/usr/local/lib -L/usr/local/lib -lpq  -march=nocona -Wl,-soname -Wl,libsql.so.2 -o .libs/libsql.so.2
(cd .libs && rm -f libsql.so && ln -s libsql.so.2 libsql.so)
(cd .libs && rm -f libsql.so && ln -s libsql.so.2 libsql.so)
ar cru .libs/libsql.a  sql.o sql_init.o plugin_common.o
ranlib .libs/libsql.a
creating libsql.la
(cd .libs && rm -f libsql.la && ln -s ../libsql.la libsql.la)
<snip>
if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins -I../include -I../sasldb   -fPIC -I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include  -Wall -W -O -pipe -march=nocona -MT sql.o -MD -MP -MF ".deps/sql.Tpo"  -c -o sql.o `test -f '/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c' || echo './'`/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c;  then mv ".deps/sql.Tpo" ".deps/sql.Po";  else rm -f ".deps/sql.Tpo"; exit 1;  fi
/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c: In function 'sql_auxprop_plug_init':
/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c:1077: warning: unused parameter 'plugname'
adding static plugins and dependencies
ar cru .libs/libsasl2.a sasldb.o db_berkeley.o allockey.o cram.o digestmd5.o gssapi.o plain.o anonymous.o login.o sql.o

And the files are there
barium# ll /usr/local/lib/sasl2/*sql*
-rw-r--r--  1 root  wheel  28568 May 13 10:27 /usr/local/lib/sasl2/libsql.a
-rwxr-xr-x  1 root  wheel    826 May 13 10:27 /usr/local/lib/sasl2/libsql.la
lrwxr-xr-x  1 root  wheel     11 May 13 10:27 /usr/local/lib/sasl2/libsql.so -> libsql.so.2
-rwxr-xr-x  1 root  wheel  27026 May 13 10:27 /usr/local/lib/sasl2/libsql.so.2

For some reason I get some mysql related errors in the syslog like these. I'm using postgresql not mysql. It's compiled without mysql.
May 13 15:05:42 barium pluginviewer: SQL engine 'mysql' not supported
May 13 15:05:42 barium pluginviewer: auxpropfunc error no mechanism available
May 13 15:05:46 barium pluginviewer: SQL engine 'mysql' not supported
May 13 15:05:46 barium pluginviewer: auxpropfunc error no mechanism available
May 13 15:05:51 barium pluginviewer: SQL engine 'mysql' not supported
May 13 15:05:51 barium pluginviewer: auxpropfunc error no mechanism available
May 13 15:17:38 barium server: SQL engine 'mysql' not supported
May 13 15:17:38 barium server: auxpropfunc error no mechanism available
Other than that, I only get generic errors like
May 13 15:31:07 barium postfix/smtpd[79672]: warning: SASL per-process initialization failed: generic failure
May 13 15:31:07 barium postfix/smtpd[79672]: fatal: SASL per-process initialization failed

using the client/server in "sample"

Client
barium# ./client -s smtpd -m LOGIN localhost
receiving capability list... recv: {48}
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: jeann@xxxxxxxxxxx
Password:
send: {17}
jeann@xxxxxxxxxxx
recv: {9}
Password:
send: {6}
asdfgh
authentication failed
closing connection
Server
accepted new connection
send: {48}
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
recv: {5}
LOGIN
recv: {1}
N
send: {9}
Username:
recv: {17}
jeann@xxxxxxxxxxx
send: {9}
Password:
recv: {6}
asdfgh
performing SASL negotiation: user not foundclosing connection


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux