Re: Issues under FreeBSD 8.0

On 02/12/09 15:17 -0800, Corey Chandler wrote:
Dan White wrote:
On 02/12/09 10:03 -0800, Corey Chandler wrote:
I recently upgraded from FreeBSD 7.2 to 8.0. This resulted in a strange error with authdaemond when used in conjunction with postfix; I've rebuilt all of the packages, but the config they're using has worked since the 6.0 days.

I attempt to send a message using SASL and get the following in my logs (passwords and hashes have been consistently redacted; nothing else has been altered):

-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method: authdaemond
log_level: 7
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

Bloody hell, thought they were in the same logfile; my apologies. The issue is that while IMAP works correctly authenticating against authdaemond, any attempt I make to authenticate via SASL fails according to postfix, yet succeeds according to authdaemond.

As to logs, here you go:

Dec 2 15:10:03 alcatraz postfix/smtpd[16120]: warning: where.i.sit: address not listed for hostname HOSTNAME
Dec 2 15:10:03 alcatraz postfix/smtpd[16120]: connect from unknown[where.i.sit]
Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL authentication failure: could not verify password
Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL authentication failure: Password verification failed
Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: unknown[where.i.sit]: SASL PLAIN authentication failed: generic failure
Dec 2 15:10:06 alcatraz authdaemond: Authenticated: sysusername=<null>, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=jay@xxxxxxxxxxxxxxx, fullname=Jay Chandler, maildir=sequestered.net/jay@xxxxxxxxxxxxxxx/, quota=1024000000S, options=<null>
Dec 2 15:10:06 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: SASL authentication failure: could not verify password
Dec 2 15:10:06 alcatraz postfix/smtpd[16120]: warning: unknown[where.i.sit]: SASL LOGIN authentication failed: generic failure
Dec 2 15:10:06 alcatraz authdaemond: Authenticated: sysusername=<null>, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=jay@xxxxxxxxxxxxxxx, fullname=Jay Chandler, maildir=sequestered.net/jay@xxxxxxxxxxxxxxx/, quota=1024000000S, options=<null>
Dec 2 15:10:06 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1

Per cyrus sasl source in lib/pwcheck.c, function authdaemon_build_query,
the following gets sent to authdaemond:

AUTH <size>
<service>
login
<user>
<password>

e.g.

AUTH 33
smtp
login
dwhite@xxxxxxx
secret

And expects to get a response which includes a line of 'FAIL\n' or '.\n'
(success). See function authdaemon_talk. e.g.:

USERNAME=dwhite@xxxxxxx
GID=1001
HOME=/home/dwhite@xxxxxxx
ADDRESS=dwhite@xxxxxxx
NAME=
PASSWD=$1xxxxxxxxxxxx
PASSWD2=secret
.

I was able to successfully test authentication on my Debian system, using
the following versions:

courier-authdaemon 0.62.4-1
libsasl2-2 2.1.23.dfsg1-2
postfix 2.5.5-1.1

with an authdaemond configuration of:

authmodulelist="authpam"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPTS=""

and a postfix smtpd.conf (sasl) config of:
pwcheck_method: authdaemond
log_level: 7
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier/authdaemon/socket


Perhaps there's a code change within authdaemon or a config change that is
confusing the sasl library. I'm pasting a couple of perl scripts that might
help you troubleshoot your setup.

This script opens a unix domain socket and simply prints out whatever it
receives:



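#!/usr/bin/perl
# Listen on a unix domain socket and print whatever clients send to it.
# Note: the printed query includes the cleartext password.
use strict; use warnings; $|++;
use IO::Socket;

my $socketfile = $ARGV[0] or die "usage: $0 <socketfile>\n";

unlink $socketfile;                 # remove a stale socket from an earlier run
my $server = IO::Socket::UNIX->new(Local => $socketfile,
                                   Type      => SOCK_STREAM,
                                   Listen    => 32 ) or die $!;
$server->autoflush(1);
$SIG{CHLD} = 'IGNORE';              # do not leave zombie children behind
while ( my $connection = $server->accept() ) {
  my $pid = fork();
  die "can't fork: $!" unless defined $pid;
  if ($pid == 0) { # child: dump this connection, then exit
    while (<$connection>) {
      print $_;
    }
    exit 0;                         # otherwise the child falls back into accept()
  }
  close $connection;                # parent keeps only the listening socket
}
# Adapted from a script found at
# http://www.rexroof.com/blog/2005/09/unix-domain-sockets-in-perl.php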


You could run on a specified socket file (such as /tmp/mysocket), and then
point authdaemond_path to it within Postfix to see what it's sending to
authdaemond.

This script opens a client unix domain connection to a specified socket,
and should allow you to speak directly to authdaemond and see what it is
returning:



#!/usr/bin/perl
# Connect to a unix domain socket; relay stdin to it and its replies to stdout.
use strict; use warnings;
use IO::Socket;             # new in 5.004

my $socket = shift || '/tmp/catsock';
my $handle = IO::Socket::UNIX->new($socket)
        || die "can't connect to $socket: $!";
$handle->autoflush(1);
my $pid = fork();
die "can't fork: $!" unless defined $pid;   # undef means failure
if ($pid) {                 # parent
    select($handle);
    print while <STDIN>;    # everything from stdin to socket
} else {                    # child
    print while <$handle>;  # everything from socket to stdout
}
close $handle;
exit;
# Adapted from a script found at
# http://www.perlmonks.org/?node=Can%20I%20use%20perl%20to%20run%20a%20telnet%20or%20ftp%20session%3F


--
Dan White
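
Added example, not part of the original post and not Cyrus SASL or Courier code: a Python client for the exchange described above (the AUTH query and the reply terminated by 'FAIL' or '.'). The function names, the newline check and the redaction of PASSWD/PASSWD2 before printing are assumptions made for illustration.

```python
import socket

SECRET_KEYS = {"PASSWD", "PASSWD2"}  # reply fields carrying the hash / cleartext

def build_query(service, user, password):
    """Frame a login request: 'AUTH <size>' then service, 'login', user, password."""
    for field in (service, user, password):
        if "\n" in field or "\r" in field:
            # added check: the format is line-delimited, so a line break in a
            # field would change how the request is split into lines
            raise ValueError("line break in field")
    payload = f"{service}\nlogin\n{user}\n{password}\n".encode()
    return b"AUTH %d\n" % len(payload) + payload

def parse_reply(data):
    """Return (ok, attrs): True on a '.' line, False on 'FAIL', None if neither yet."""
    attrs = {}
    for raw in data.split(b"\n")[:-1]:          # complete lines only
        line = raw.decode(errors="replace")
        if line == ".":
            return True, attrs
        if line == "FAIL":
            return False, attrs
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return None, attrs

def redact(attrs):
    """Copy of attrs that is safe to paste into a list post or ticket."""
    return {k: "<redacted>" if k in SECRET_KEYS else v for k, v in attrs.items()}

def talk(sock, service, user, password):
    """Send one query on a connected socket and read until a terminator or EOF."""
    sock.sendall(build_query(service, user, password))
    buf = b""
    while parse_reply(buf)[0] is None:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return parse_reply(buf)

if __name__ == "__main__":
    import getpass, sys
    path, user = sys.argv[1], sys.argv[2]       # e.g. /var/run/authdaemond/socket
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        ok, attrs = talk(s, "smtp", user, getpass.getpass())
    print("success" if ok else "FAIL" if ok is False else "no terminator", redact(attrs))
```

Run it with the socket path and the user name as arguments; a success here alongside a Postfix failure points at the SASL side of the exchange rather than at authdaemond.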
