Dan White schreef:
> On 13/08/09 16:56 +0200, Paul van der Vlis wrote:
>>>> Aug 13 11:27:40 sigmund saslauthd[12960]: do_auth : auth
>>>> failure: [user=root] [service=sieve] [realm=] [mech=pam] [reason=PAM
>>>> auth error]
>>>>
>>>
>>> testsaslauthd -u username -p password
>>> testsaslauthd -u username -p password -s sieve
>>> testsaslauthd -u username -p password -s imap
>>>
>>> Do you get different answers?
>>
>> No, they give all: 0: OK "Success." when I do it as root or as user
>> cyrus.
>>
>> But when I execute "testsaslauthd" as another user, it fails with a
>> "connect() : Permission denied".
>> But this is also the case on the other machine what works correct.
>
> It looks like you're configured to allow members of the sasl group to
> access the saslauthd mux, so that error is to be expected.
>
>> sasl_mech_list: PLAIN
>> sasl_minimum_layer: 0
>> #sasl_maximum_layer: 256
>> sasl_pwcheck_method: saslauthd
>> #sasl_auxprop_plugin: sasldb
>> sasl_auto_transition: no
>>
>> /etc/default/saslauthd:
>> START=yes
>> MECHANISMS="pam"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c"
>>
>> Maybe this is important:
>> sigmund:~# ls -ld /var/run/saslauthd
>> lrwxrwxrwx 1 root root 37 2009-07-22 14:01 /var/run/saslauthd ->
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -ld /var/spool/postfix/var/run/saslauthd/
>> drwx--x--- 2 root sasl 200 2009-07-22 14:02
>> /var/spool/postfix/var/run/saslauthd/
>> sigmund:~# ls -l /var/spool/postfix/var/run/saslauthd/
>> total 929
>> -rw------- 1 root root 0 2009-07-22 14:02 cache.flock
>> -rw------- 1 root root 945152 2009-07-22 14:02 cache.mmap
>> srwxrwxrwx 1 root root 0 2009-07-22 14:02 mux
>> -rw------- 1 root root 0 2009-07-22 14:02 mux.accept
>> -rw------- 1 root root 6 2009-07-22 14:02 saslauthd.pid
>
> Looks fine.
>
> I wonder if timsieved is calling saslauthd with different options,
> like with a realm.
>
> I'd be curious what you're seeing when saslauthd is in debug mode.
I used the "-d" option in /etc/default/saslauthd and restarted saslauthd.
In another terminal I tried sivtest, where the authentication was wrong.
But, in the debug I see that the authentication was OK for saslauthd.
---------
paul@sigmund:/root$ sivtest -v localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-5.1"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational regex"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {20+}
AHBhdWwAZXJ1NGJjZw==
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 0
---------
----------
sigmund:/etc/pam.d# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthdsaslauthd[29778] :main
: num_procs : 5
saslauthd[29778] :main : mech_option: NULL
saslauthd[29778] :main : run_path : /var/run/saslauthd
saslauthd[29778] :main : auth_mech : pam
saslauthd[29778] :cache_alloc_mm : mmaped shared memory segment on
file: /var/run/saslauthd/cache.mmap
saslauthd[29778] :cache_init : bucket size: 92 bytes
saslauthd[29778] :cache_init : stats size : 36 bytes
saslauthd[29778] :cache_init : timeout : 28800 seconds
saslauthd[29778] :cache_init : cache table: 944764 total bytes
saslauthd[29778] :cache_init : cache table: 1711 slots
saslauthd[29778] :cache_init : cache table: 10266 buckets
saslauthd[29778] :cache_init_lock : flock file opened at
/var/run/saslauthd/cache.flock
saslauthd[29778] :ipc_init : using accept lock file:
/var/run/saslauthd/mux.accept
saslauthd[29778] :detach_tty : master pid is: 0
saslauthd[29778] :ipc_init : listening on socket:
/var/run/saslauthd/mux
saslauthd[29778] :main : using process model
saslauthd[29779] :get_accept_lock : acquired accept lock
saslauthd[29778] :have_baby : forked child: 29779
saslauthd[29778] :have_baby : forked child: 29780
saslauthd[29778] :have_baby : forked child: 29781
saslauthd[29778] :have_baby : forked child: 29782
saslauthd[29779] :rel_accept_lock : released accept lock
saslauthd[29780] :get_accept_lock : acquired accept lock
saslauthd[29779] :cache_get_rlock : attempting a read lock on slot: 1682
saslauthd[29779] :cache_lookup : [login=paul] [service=]
[realm=sieve]: not found, update pending
saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682
saslauthd[29779] :cache_get_wlock : attempting a write lock on slot: 1682
saslauthd[29779] :cache_commit : lookup committed
saslauthd[29779] :cache_un_lock : attempting to release lock on slot: 1682
saslauthd[29779] :do_auth : auth success: [user=paul]
[service=sieve] [realm=] [mech=pam]
saslauthd[29779] :do_request : response: OK
----------
With regards,
Paul van der Vlis.
--
http://www.vandervlis.nl/
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
