Re: imapd is not talking to saslauthd

Ken Murchison <murch@xxxxxxxxxxxx> · Tue, 30 Jan 2018 17:23:20 -0500



    Hi Michael,
    What are the permissions on the socket that saslauthd is
      listening on?
    

    On 01/30/2018 05:06 PM, Michael Rüger
      wrote:

    
      Hi
      

      (btw. i was Guest39278 on IRC yesterday and got the
        chance to introduce myself on googletalk)
      

      I’m trying to set up imapd to use saslauthd for
        authentication.
      

      I have already a running saslauthd which uses PAM. I
        can run this
      

        root@cyrus3:/ #
            testsaslauthd -u mike -p mike
        0: OK "Success.“
      
      
      and if i run
      

        root@cyrus3:/ #
            testsaslauthd -u mike -p abc
        0: NO
            "authentication failed“
      
      
      i get that logged in auth.log like this
      

      Jan 30 21:43:53
          cyrus3 saslauthd[88721]: do_auth         : auth failure:
          [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM
          auth error]
      

      In imapd.conf i have
      

      sasl_pwcheck_method:
          saslauthd
      

      Now i’m authenticate against imapd
      

        root@cyrus3:~ #
            imtest -t "" -u mike -a mike -w mike localhost
        S: * OK
            [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
            LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5
            AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me
            Cyrus IMAP 3.0.5 server ready
        C: S01 STARTTLS
        S: S01 OK Begin
            TLS negotiation now
        verify
            error:num=18:self signed certificate
        TLS connection
            established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
            (256/256 bits)
        C: C01
            CAPABILITY
        S: * CAPABILITY
            IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
            MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
            UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE
            ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID
            THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
            ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED
            LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN
            XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
            X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-1
            AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN
            AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE
            X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
            X-QUOTA=X-NUM-FOLDERS IDLE
        S: C01 OK
            Completed
        C: A01
            AUTHENTICATE SCRAM-SHA-1
            bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
        S: A01 NO
            authentication failure
        Authentication
            failed. generic failure
        Security
            strength factor: 256
      
      
      Nothing is reported in auth.conf
      

      If i do this
      

      root@cyrus3:~ #
          saslpasswd2 -c mike@xxxxxxxxxxxxxxxxxxxxxxx
      …<entering
          „mike“ twice here>
      root@cyrus3:~ #
          imtest -t "" -u mike -a mike -w mike localhost
      S: * OK
          [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
          LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5
          AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me
          Cyrus IMAP 3.0.5 server ready
      C: S01 STARTTLS
      …
      
        Authenticated.
        Security
            strength factor: 256
      
      
      it is working against local db BUT NOT against
        saslauthd.
      

      How do i setup imapd to talk to saslauthd?
      

      BTW i’m using 
      * cyrus-imapd30-3.0.5
      * cyrus-sasl-2.1.26_13
      * cyrus-sasl-saslauthd-2.1.26_3
      on FreeBSD 11.1
      

      Thank you for any help,
      Mike
      

    -- 
Ken Murchison
Cyrus Development Team
FastMail US LLC
  

null