I am trying to get SASL to work authenticated to a postgresql database
for SMTP auth with postfix. But sasl is being very uncooperative.
basic system info
barium# uname -mrs
FreeBSD 7.0-RELEASE-p1 amd64
cyrus-sasl version: 2.1.22
postfix version: 2.5.1
One of my biggest problems is I can't find any documentation of the
smtpd.conf file, but from what I've pieced together from tutorials and
such I've got this.
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: pgsql
allowanonymouslogin: no
allowplaintext: yes
mech_list: LOGIN PLAIN
password_format: plaintext
sql_user: mail
sql_passwd:
sql_hostnames: localhost
sql_database: mail
sql_select: SELECT pass FROM emails_view WHERE email = '%u@%r'
log_level: 7
sql_verbose: true
If I use saslpasswd2 on an account like I get "generic failure". Does
saslpasswd2 even work on sql or is it sasldb only?
barium# saslpasswd2 -a smtpd jeann@xxxxxxxxxxx
saslpasswd2: generic failure
If I run "pluginviewer -a" it only lists sasldb. Shouldn't SQL be in
here?
barium# pluginviewer -a
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 4
supports store: yes
barium# pluginviewer -s
Installed SASL (server side) mechanisms are:
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
List of server plugins follows
Plugin "login" [loaded], API version: 4
SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features:
Plugin "anonymous" [loaded], API version: 4
SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
security flags: NO_PLAINTEXT
features: WANT_CLIENT_FIRST
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "gssapiv2" [loaded], API version: 4
SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "digestmd5" [loaded], API version: 4
SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
features: PROXY_AUTHENTICATION
Plugin "crammd5" [loaded], API version: 4
SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT
features: SERVER_FIRST
Configure line
'./configure' --prefix=/usr/local
'--sysconfdir=/usr/local/etc'
'--with-configdir=/usr/local/lib/sasl2:/usr/local/etc/sasl2'
'--with-plugindir=/usr/local/lib/sasl2'
'--with-dbpath=/usr/local/etc/sasldb2'
'--includedir=/usr/local/include' '--enable-static'
'--enable-auth-sasldb' '--with-rc4=openssl'
'--with-saslauthd=/var/run/saslauthd' '--with-dblib=berkeley'
'--with-bdb-libdir=/usr/local/lib'
'--with-bdb-incdir=/usr/local/include/db41' '--with-bdb=db41'
'--enable-sql' '--without-mysql' '--with-pgsql=/usr/local'
'--without-sqlite' '--enable-alwaystrue' '--with-authdaemond=no'
'--enable-login' '--disable-otp' '--disable-ntlm' '--enable-gssapi'
'--disable-krb4' '--with-openssl=yes' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'amd64-portbld-freebsd7.0' 'CC=cc' 'CFLAGS=-O -pipe -march=nocona'
'CPPFLAGS=-fPIC -I/usr/local/include' 'LDFLAGS=
-rpath=/usr/lib:/usr/local/lib -L/usr/local/lib'
'build_alias=amd64-portbld-freebsd7.0'
'host_alias=amd64-portbld-freebsd7.0'
'target_alias=amd64-portbld-freebsd7.0' --cache-file=.././config.cache
--srcdir=.
I don't see any errors related to sql in the configure, all I get is
checking SQL... enabled
And the SQL module seems to get compiled ok.
if /bin/sh /usr/local/bin/libtool --mode=compile cc
-DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
-I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
-DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona
-MT sql.lo -MD -MP -MF ".deps/sql.Tpo" -c -o sql.lo `test -f 'sql.c'
|| echo './'`sql.c; then mv ".deps/sql.Tpo" ".deps/sql.Plo"; else rm
-f ".deps/sql.Tpo"; exit 1; fi
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
-I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
-DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT
sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c -fPIC -DPIC -o .libs/sql.o
sql.c: In function 'sql_auxprop_plug_init':
sql.c:1077: warning: unused parameter 'plugname'
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
-I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
-DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT
sql.lo -MD -MP -MF .deps/sql.Tpo -c sql.c -o sql.o >/dev/null
2>&1
if /bin/sh /usr/local/bin/libtool --mode=compile cc -DHAVE_CONFIG_H -I.
-I. -I.. -I../include -I../lib -I../sasldb -I../include -fPIC
-I/usr/local/include -I/usr/local/include/db41 -DKRB5_HEIMDAL
-I/usr/local/include -Wall -W -O -pipe -march=nocona -MT sql_init.lo
-MD -MP -MF ".deps/sql_init.Tpo" -c -o sql_init.lo `test -f
'sql_init.c' || echo './'`sql_init.c; then mv ".deps/sql_init.Tpo"
".deps/sql_init.Plo"; else rm -f ".deps/sql_init.Tpo"; exit 1; fi
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
-I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
-DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT
sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c -fPIC -DPIC
-o .libs/sql_init.o
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../lib -I../sasldb
-I../include -fPIC -I/usr/local/include -I/usr/local/include/db41
-DKRB5_HEIMDAL -I/usr/local/include -Wall -W -O -pipe -march=nocona -MT
sql_init.lo -MD -MP -MF .deps/sql_init.Tpo -c sql_init.c -o sql_init.o
>/dev/null 2>&1
/bin/sh /usr/local/bin/libtool --mode=link cc -Wall -W -O -pipe
-march=nocona -module -export-dynamic -rpath /usr/local/lib/sasl2
-rpath=/usr/lib:/usr/local/lib -L/usr/local/lib -o libsql.la
-L/usr/local/lib -R/usr/local/lib -lpq -version-info 2:22:0 sql.lo
sql_init.lo plugin_common.lo
cc -shared .libs/sql.o .libs/sql_init.o .libs/plugin_common.o
-Wl,--rpath -Wl,/usr/local/lib -L/usr/local/lib -lpq -march=nocona
-Wl,-soname -Wl,libsql.so.2 -o .libs/libsql.so.2
(cd .libs && rm -f libsql.so && ln -s libsql.so.2
libsql.so)
(cd .libs && rm -f libsql.so && ln -s libsql.so.2
libsql.so)
ar cru .libs/libsql.a sql.o sql_init.o plugin_common.o
ranlib .libs/libsql.a
creating libsql.la
(cd .libs && rm -f libsql.la && ln -s ../libsql.la
libsql.la)
<snip>
if cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../plugins
-I../include -I../sasldb -fPIC -I/usr/local/include
-I/usr/local/include/db41 -DKRB5_HEIMDAL -I/usr/local/include -Wall -W
-O -pipe -march=nocona -MT sql.o -MD -MP -MF ".deps/sql.Tpo" -c -o
sql.o `test -f
'/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c'
|| echo
'./'`/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c;
then mv ".deps/sql.Tpo" ".deps/sql.Po"; else rm -f ".deps/sql.Tpo";
exit 1; fi
/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c:
In function 'sql_auxprop_plug_init':
/usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.22/lib/../plugins/sql.c:1077:
warning: unused parameter 'plugname'
adding static plugins and dependencies
ar cru .libs/libsasl2.a sasldb.o db_berkeley.o allockey.o cram.o
digestmd5.o gssapi.o plain.o anonymous.o login.o sql.o
And the files are there
barium# ll /usr/local/lib/sasl2/*sql*
-rw-r--r-- 1 root wheel 28568 May 13 10:27
/usr/local/lib/sasl2/libsql.a
-rwxr-xr-x 1 root wheel 826 May 13 10:27
/usr/local/lib/sasl2/libsql.la
lrwxr-xr-x 1 root wheel 11 May 13 10:27
/usr/local/lib/sasl2/libsql.so -> libsql.so.2
-rwxr-xr-x 1 root wheel 27026 May 13 10:27
/usr/local/lib/sasl2/libsql.so.2
For some reason I get some mysql related errors in the syslog like
these. I'm using postgresql not mysql. It's compiled without mysql.
May 13 15:05:42 barium pluginviewer: SQL engine 'mysql' not
supported
May 13 15:05:42 barium pluginviewer: auxpropfunc error no mechanism
available
May 13 15:05:46 barium pluginviewer: SQL engine 'mysql' not supported
May 13 15:05:46 barium pluginviewer: auxpropfunc error no mechanism
available
May 13 15:05:51 barium pluginviewer: SQL engine 'mysql' not supported
May 13 15:05:51 barium pluginviewer: auxpropfunc error no mechanism
available
May 13 15:17:38 barium server: SQL engine 'mysql' not supported
May 13 15:17:38 barium server: auxpropfunc error no mechanism available
Other than that, I only get generic errors like
May 13 15:31:07 barium postfix/smtpd[79672]: warning: SASL
per-process initialization failed: generic failure
May 13 15:31:07 barium postfix/smtpd[79672]: fatal: SASL per-process
initialization failed
using the client/server in "sample"
Client
barium# ./client -s smtpd -m LOGIN localhost
receiving capability list... recv: {48}
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
send: {5}
LOGIN
send: {1}
N
recv: {9}
Username:
please enter an authentication id: jeann@xxxxxxxxxxx
Password:
send: {17}
jeann@xxxxxxxxxxx
recv: {9}
Password:
send: {6}
asdfgh
authentication failed
closing connection
Server
accepted new connection
send: {48}
LOGIN ANONYMOUS PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
recv: {5}
LOGIN
recv: {1}
N
send: {9}
Username:
recv: {17}
jeann@xxxxxxxxxxx
send: {9}
Password:
recv: {6}
asdfgh
performing SASL negotiation: user not foundclosing connection
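
For the pluginviewer question above, an added example (not part of the original post): a small POSIX sh check that compares the auxprop_plugin named in a SASL config file with the auxprop list printed by pluginviewer -a. The function names and temp-file layout are assumptions; the sample inputs are constructed from the values shown in the post.

```shell
#!/bin/sh
# Added example: cross-check a Cyrus SASL config against saved
# `pluginviewer -a` output. Function names are hypothetical.

# conf_get KEY FILE: print the value of a "KEY: value" line (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" | tail -n 1
}

# installed_auxprops FILE: print the plugin names on the line that follows
# "Installed auxprop mechanisms are:" in saved pluginviewer output.
installed_auxprops() {
    awk '/^Installed auxprop mechanisms are:/ { getline; print; exit }' "$1"
}

# check_auxprop CONF VIEWER_OUT: return 0 only if the configured
# auxprop_plugin appears in the list of loaded auxprop plugins.
check_auxprop() {
    want=$(conf_get auxprop_plugin "$1")
    have=$(installed_auxprops "$2")
    for p in $have; do
        [ "$p" = "$want" ] && { echo "ok: '$want' is loaded"; return 0; }
    done
    echo "missing: auxprop_plugin '$want' not in loaded set: $have"
    return 1
}

# Constructed sample inputs, using the values shown in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/smtpd.conf" <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: pgsql
EOF
cat > "$tmp/viewer.txt" <<'EOF'
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
EOF

check_auxprop "$tmp/smtpd.conf" "$tmp/viewer.txt" || true
```

On a live host, save the output of pluginviewer -a to a file and pass it as the second argument together with the real smtpd.conf path.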