Re:

Kővári János wrote:
> I have a postfix relay server and a (local) cyrus imap server on the 
> same machine. Everything was fine until I thought, I change the imap 
> authentication from sasldb to saslauth, to have global authentication 
> on postfix and cyrus.
> Postfix uses saslauthd, which is configured for PAM. It works 
> perfectly, with plain/login/cram/digest mechanisms, with or without 
> tls/ssl, absolutely no problems with it. Saslauth tests are all fine 
> obviously.
> So I decided to use this with cyrus imap too. Set it to use the same 
> saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs.
> Since then, I can not login with plain or login mechs, because they 
> aren't being offered at all by cyrus imapd. I can login with cram or 
> digest fine.
> I understand that plain login isn't offered by default, only after a 
> successful tls session setup, but if I understand correctly, the 
> "allowplaintext: yes" option should still force imapd to offer plain 
> logins. But it doesn't. I tried it with different sasl_min|max_levels, 
> to no avail.
> This is the first thing I don't understand.
> The second is: after establishing a tls or ssl connection, plain and 
> login are offered, but I can not login with these mechs.
> (I'm using imtest to test it all.)
> However, with "testsaslauth", I am able to authenticate fine.
>
> I'm quite new to cyrus and linux systems, but I read all kinds of 
> manuals and FAQs and documentation, and googled a lot, but I was unable 
> to find the culprit. So you are my last hope.
> If nothing else works, I leave it as is, with digest and cram it works 
> and it's more secure. Or I go back to sasldb, which is less 
> comfortable for me...

Please include the following information, so we can get a better idea of 
your setup:

Postfix and Cyrus IMAP version
Postfix SASL config:
  grep sasl main.cf
  cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf is located on 
your system)

Your cyrus imap.conf config

saslauthd does not support cram-md5 or digest-md5, so you may be (also) 
using the sasldb auxprop in Postfix.

- Dan

Hello Dan,

Postfix version: 2.5.4
Cyrus IMAP version: 2.2.13

cat /etc/postfix/main.cf | grep sasl
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relaypw
broken_sasl_auth_clients = yes

cat /etc/postfix/sasl/smtpd.conf
saslauthd_version: 2
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5

cat /etc/imapd.conf
configdirectory: /var/lib/cyrus
imap_admins: cyrus jani
hashimapspool: 1
idlemethod: poll
popminpoll: 1
allowplaintext: yes
allowanonymouslogin: no
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_auto_transition: no
tls_cert_file: /etc/ssl/certs/some_server.pem
tls_key_file: /etc/ssl/private/some_server.key
tls_ca_path: /etc/ssl/certs/demoCA
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL: @STRENGTH
sievedir: /var/spool/sieve
sieveusehomedir: false
lmtpsocket: /var/run/cyrus/socket/lmtp
lmtp_downcase_rcpt: yes
notifysocket: /var/run/cyrus/socket/notify
partition-default: /var/spool/cyrus/mail
autocreatequota: 100
newsspool: /var/spool/news
partition-something: /media/data/cyrus
admins: cyrus jani
idlesocket: /var/run/cyrus/socket/idle
autocreatequota_units: 1048576
syslog_prefix: cyrus
unixhierarchysep: 1
umask: 077

cat /etc/default/saslauthd
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
#(I think the options line is wrong, the -m part is unneeded, but it was like that, and it works...)

ps -ef | grep saslauthd
root      5142     1  0 07:50 ?        00:00:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      5144  5142  0 07:50 ?        00:00:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      5146  5142  0 07:50 ?        00:00:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      5147  5142  0 07:50 ?        00:00:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5
root      5148  5142  0 07:50 ?        00:00:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -n 5

What do I do wrong?

Regards,
Janos
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
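
Dan's point about saslauthd and CRAM-MD5/DIGEST-MD5, as an added example that is not part of the original thread: a small check that sorts a `mech_list` by which backend can verify each mechanism. The function names `parse_conf` and `audit` and the set of accepted truthy values are assumptions; the sample inputs are excerpts of the two files posted above.

```python
# Added example (not from the thread): which backend can verify each offered mechanism?
PLAINTEXT = {"PLAIN", "LOGIN"}              # client sends the password; saslauthd can check it
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}  # server must read the stored secret via auxprop
TRUTHY = {"yes", "1", "true", "on"}         # assumed spellings of an enabled switch

def parse_conf(text, prefix=""):
    """Parse 'key: value' lines; drop an option prefix such as imapd.conf's 'sasl_'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key = key.strip().lower()
        if prefix and key.startswith(prefix):
            key = key[len(prefix):]
        opts[key] = value.strip()
    return opts

def audit(opts):
    """Group mech_list by verification path and list the resulting findings."""
    mechs = opts.get("mech_list", "").upper().split()
    methods = opts.get("pwcheck_method", "").lower().split()
    plain = [m for m in mechs if m in PLAINTEXT]
    secret = [m for m in mechs if m in SHARED_SECRET]
    findings = []
    if "saslauthd" in methods and secret:
        findings.append(", ".join(secret) + ": not verifiable by saslauthd, needs an auxprop store")
    if plain and opts.get("allowplaintext", "no").lower() in TRUTHY:
        findings.append(", ".join(plain) + ": allowplaintext permits them without TLS")
    return {"password_check": plain, "auxprop": secret, "findings": findings}

# Excerpts of the imapd.conf and smtpd.conf shown in the message above.
IMAPD_CONF = """allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""
SMTPD_CONF = """saslauthd_version: 2
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
"""

if __name__ == "__main__":
    for name, text, prefix in (("imapd.conf", IMAPD_CONF, "sasl_"), ("smtpd.conf", SMTPD_CONF, "")):
        for finding in audit(parse_conf(text, prefix))["findings"]:
            print("%s: %s" % (name, finding))
```

On both files the shared-secret mechanisms are reported as depending on an auxprop store, which means a second credential database is still in play next to PAM.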
