Hi,
I'm struggling to get my SASL config working... It seems that my "pwcheck_method" is being completely ignored! Although I set it as "saslauthd", I receive "could not find auxprop plugin, was searching for '[all]'" in my logs... I even traced Exim's pid and saw that the correct config file for sasl (/usr/lib64/sasl2/exim.conf) is being used.
Running "testsaslauthd" and "imtest" manually works ok, the socket's permissions are all right (/var/run/saslauthd/mux). But using the SASL lib from Exim, it ignores the pwcheck_method... If I run saslauthd in debug mode (/usr/sbin/saslauthd -a pam -m /var/run/saslauthd -d), it logs nothing when the SASL lib is called from Exim. When called by testsaslauthd and imtest, saslauthd's debug log shows ok.
Exim seems to be calling the SASL lib normally, I'm posting some info below...
Any ideas? I'm running out of them! Thanks,
Mark J
Exim STRACE: [pid 29899] open("/usr/lib64/sasl2/exim.conf", O_RDONLY) = 6
[root@interno log]# cat /usr/lib64/sasl2/exim.conf
pwcheck_method:saslauthd
[root@interno log]# tail /var/log/messages
Jun 20 22:21:04 interno exim: NTLM server step 1
Jun 20 22:21:04 interno exim: client flags: ffffb207
Jun 20 22:21:04 interno exim: NTLM server step 2
Jun 20 22:21:04 interno exim: client user: MXXXXXX
Jun 20 22:21:04 interno exim: client domain: SOFISANT
Jun 20 22:21:04 interno exim: could not find auxprop plugin, was searching for '[all]'
Jun 20 22:21:04 interno exim: could not find auxprop plugin, was searching for '[all]'
Jun 20 22:21:04 interno exim: no secret in database
[root@interno log]# testsaslauthd -u mXXXXXX -p YYYYYYY
0: OK "Success."
[root@interno log]# imtest -u mXXXXXX -w YYYYYYY -a mXXXXXX -v -m login
WARNING: no hostname supplied, assuming localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=NTLM SASL-IR] interno.sofisant.local Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=NTLM SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
C: L01 LOGIN mXXXXXX {8}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
Authenticated.
Security strength factor: 0
[root@interno log]# /usr/sbin/exim -bd -q1h -d+auth
29857 SMTP>> 250-server.email.interno Hello CPD39 [10.5.4.39]
29857 250-AUTH NTLM
29857 250 HELP
29857 SMTP<< AUTH NTLM
29857 Calling sasl_server_start(NTLM,"")
29857 SMTP>> 334
29857 SMTP<< TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAFASgKAAAAD0NQRDM5U09GSVNBTlQ=
29857 Calling sasl_server_step("TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAFASgKAAAAD0NQRDM5U09GSVNBTlQ=")
29857 SMTP>> 334 TlRMTVNTUAACAAAAKAAoADAAAAAFsgIApX9RPvX5/PUAAAAAAAAAAAAAAAAAAAAAUwBFAFIAVgBFAFIALgBFAE0AQQBJAEwALgBJAE4AVABFAFIATgBPAA==
29857 SMTP<< TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAABAAEABIAAAAEgASAFgAAAAKAAoAagAAAAAAAACkAAAABYIAAgUBKAoAAAAPUwBPAEYASQBTAEEATgBUAE0ATABpAGMAYQBzAHQAcgBvAEMAUABEADMAOQB1Om5nsDBkan3TNtobQJkbfkPltX9HZ9Shwx9PPg0gIPnArowf9HMeKj2/xOi1t5w=
29857 Calling sasl_server_step("TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAABAAEABIAAAAEgASAFgAAAAKAAoAagAAAAAAAACkAAAABYIAAgUBKAoAAAAPUwBPAEYASQBTAEEATgBUAE0ATABpAGMAYQBzAHQAcgBvAEMAUABEADMAOQB1Om5nsDBkan3TNtobQJkbfkPltX9HZ9Shwx9PPg0gIPnArowf9HMeKj2/xOi1t5w=")
29857 Cyrus SASL permanent failure -20 (user not found)
29857 LOG: REJECT
29857 sasl_auth authenticator (NTLM):
29857 Cyrus SASL permanent failure: user not found
29857 SMTP>> 535 Incorrect authentication data
29857 LOG: MAIN REJECT
29857 sasl_auth authenticator failed for (CPD39) [10.5.4.39]: 535 Incorrect authentication data
29857 SMTP<< AUTH NTLM
29857 host in smtp_accept_max_nonmail_hosts? yes (matched "*")
29857 Calling sasl_server_start(NTLM,"")
29857 SMTP>> 334
29857 SMTP<< *
29857 SMTP>> 501 Authentication cancelled
29857 LOG: MAIN REJECT
29857 sasl_auth authenticator failed for (CPD39) [10.5.4.39]: 501 Authentication cancelled
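
An added example, not part of the original post: a small check that compares the mechanisms Exim advertises with the credential backend the SASL config can actually serve. It assumes the documented Cyrus SASL behaviour that `pwcheck_method` applies only to plaintext mechanisms (PLAIN, LOGIN), while shared-secret mechanisms such as NTLM are verified through an auxprop plugin unless `ntlm_server` proxies them; the function names are hypothetical.

```python
import re

# Per the Cyrus SASL documentation, pwcheck_method only governs how a
# plaintext password is verified; saslauthd can check nothing else.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# Challenge-response mechanisms never give the server a password, so the
# library reads the stored secret itself through an auxprop plugin.
SHARED_SECRET_MECHS = {"NTLM", "CRAM-MD5", "DIGEST-MD5"}

def parse_sasl_conf(text):
    """Parse the 'option: value' lines of a Cyrus SASL application config."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            opts[key.strip().lower()] = value.strip()
    return opts

def advertised_mechs(debug_lines):
    """Collect mechanism names from '250-AUTH ...' or '250 AUTH ...' lines."""
    mechs = []
    for line in debug_lines:
        m = re.search(r"\b250[- ]AUTH\s+(.+)$", line.strip())
        if m:
            mechs.extend(name.upper() for name in m.group(1).split())
    return mechs

def backend_for(mech, opts):
    """Name the credential backend the library consults for one mechanism."""
    if mech in PLAINTEXT_MECHS:
        return "pwcheck_method=" + opts.get("pwcheck_method", "auxprop")
    if mech == "NTLM" and opts.get("ntlm_server"):
        return "ntlm_server proxy"
    if mech in SHARED_SECRET_MECHS:
        return "auxprop"
    return "unknown"

def check(conf_text, debug_lines):
    """List advertised mechanisms that need auxprop in a saslauthd-only config."""
    opts = parse_sasl_conf(conf_text)
    methods = opts.get("pwcheck_method", "auxprop").split()
    if "auxprop" in methods or "auxprop_plugin" in opts:
        return []  # an auxprop store is configured on purpose
    return [m for m in advertised_mechs(debug_lines)
            if backend_for(m, opts) == "auxprop"]

# Inputs copied from the post: the config file and Exim's EHLO reply.
CONF = "pwcheck_method:saslauthd\n"
EHLO = ["29857 250-AUTH NTLM", "29857 250 HELP"]

if __name__ == "__main__":
    for mech in check(CONF, EHLO):
        print(f"{mech}: verified via auxprop, saslauthd is never contacted")
```

Run against the config and EHLO reply shown in the post, it reports NTLM, which matches the "could not find auxprop plugin" and "no secret in database" log lines and the silent saslauthd debug output.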