What
are the
permissions on
the socket that
saslauthd is
listening on?
On
01/30/2018 05:06
PM, Michael
Rüger wrote:
Hi
(btw.
i
was Guest39278
on IRC
yesterday and
got the chance
to introduce
myself on
googletalk)
I’m
trying to set
up imapd to
use saslauthd
for
authentication.
I
have already a
running
saslauthd
which uses
PAM. I can run
this
root@cyrus3:/
#
testsaslauthd
-u mike -p
mike
0: OK
"Success.“
and
if i run
root@cyrus3:/
#
testsaslauthd
-u mike -p abc
0: NO
"authentication
failed“
i
get that
logged in
auth.log like
this
Jan 30
21:43:53
cyrus3
saslauthd[88721]:
do_auth
: auth
failure:
[user=mike]
[service=imap]
[realm=]
[mech=pam]
[reason=PAM
auth error]
In
imapd.conf i
have
sasl_pwcheck_method:
saslauthd
Now
i’m
authenticate
against imapd
root@cyrus3:~
# imtest -t ""
-u mike -a
mike -w mike
localhost
S: * OK
[CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE
STARTTLS
LOGINDISABLED
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me
Cyrus IMAP
3.0.5 server
ready
C: S01
STARTTLS
S: S01 OK
Begin TLS
negotiation
now
verify
error:num=18:self
signed
certificate
TLS
connection
established:
TLSv1.2 with
cipher
ECDHE-RSA-AES256-GCM-SHA384
(256/256 bits)
C: C01
CAPABILITY
S: *
CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE ACL
RIGHTS=kxten
QUOTA
MAILBOX-REFERRALS
NAMESPACE
UIDPLUS
NO_ATOMIC_RENAME
UNSELECT
CHILDREN
MULTIAPPEND
BINARY
CATENATE
CONDSTORE
ESEARCH
SEARCH=FUZZY
SORT
SORT=MODSEQ
SORT=DISPLAY
SORT=UID
THREAD=ORDEREDSUBJECT
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1
METADATA
LIST-EXTENDED
LIST-STATUS
LIST-MYRIGHTS
LIST-METADATA
WITHIN QRESYNC
SCAN XLIST
XMOVE MOVE
SPECIAL-USE
CREATE-SPECIAL-USE
DIGEST=SHA1
X-REPLICATION
URLAUTH
URLAUTH=BINARY
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN
AUTH=LOGIN
SASL-IR
COMPRESS=DEFLATE
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
X-QUOTA=X-NUM-FOLDERS
IDLE
S: C01 OK
Completed
C: A01
AUTHENTICATE
SCRAM-SHA-1
bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
S: A01 NO
authentication
failure
Authentication
failed.
generic
failure
Security
strength
factor: 256
Nothing
is reported in
auth.conf
If
i do this
…<entering
„mike“ twice
here>
root@cyrus3:~
# imtest -t ""
-u mike -a
mike -w mike
localhost
S: * OK
[CAPABILITY
IMAP4rev1
LITERAL+ ID
ENABLE
STARTTLS
LOGINDISABLED
AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR] cyrus3.intern.rueger.me
Cyrus IMAP
3.0.5 server
ready
C: S01
STARTTLS
…
Authenticated.
Security
strength
factor: 256
it
is working
against local
db BUT NOT
against
saslauthd.
How
do i setup
imapd to talk
to saslauthd?
BTW
i’m using
* cyrus-imapd30-3.0.5
* cyrus-sasl-2.1.26_13
*
cyrus-sasl-saslauthd-2.1.26_3
on
FreeBSD 11.1
Thank
you for any
help,
Mike