Hello,
This is driving me insane. I suspect the answer is simple but I have been going around in circles and I no longer have an idea of the direction I'm facing.
I'm building a mail server on Ubuntu 22.04, using cyrus-imapd 3.4.3, cyrus-sasl2 2.1.27, postfix 3.6.4 and pam-mysql 0.8.1.
For these tests, I am running saslauthd in debug mode:
/usr/sbin/saslauthd -Vd -a pam -r -m /var/spool/postfix/var/run/saslauthd -n 5
I can authenticate with testsaslauthd:
testsaslauthd -u test -p test -r example.org -s imap -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."
The message from saslauthd is:
:auth success: [user=test@xxxxxxxxxxx] [service=imap] [realm=example.org] [mech=pam]
This shows that saslauthd is correctly interpreting the -r option and concatenating the user and realm.
However, if I use imtest, I get a very different result:
/usr/lib/cyrus/bin/imtest -a test -r example.org -w test
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server ready
C: A01 AUTHENTICATE PLAIN AHRlc3QAdGVzdA==
S: A01 NO authentication failure
Authentication failed. generic failure
saslauthd says:
:auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
If I get smart and try to include the domain in the username, saslauthd sees my feeble attempt to outwit it, and laughs:
/usr/lib/cyrus/bin/imtest -a test@xxxxxxxxxxx -w test
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server ready
C: A01 AUTHENTICATE PLAIN AHRlc3RAYW50aW9jaGJpaS5vcmcudWsAdGVzdA==
S: A01 NO authentication failure
Authentication failed. generic failure
saslauthd says:
:auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
It would appear that saslauthd is not receiving the realm from the IMAP server, no matter how the realm is presented to imtest.
In my imapd.conf, the relevant options are set:
defaultdomain: example.org
loginrealms: example.org
sasl_mech_list: LOGIN PLAIN
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
I'm at my wit's end, and I never had all that many wits to begin with.
Grateful for any assistance!
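
Added example, not part of the original post: a decoder for the base64 argument of AUTHENTICATE PLAIN (RFC 4616 layout: authzid NUL authcid NUL passwd), run on the string from the first imtest session above. The name parse_sasl_plain and the second sample built with the placeholder domain example.org are assumptions made for illustration; the password is reported only as a length.

```python
import base64
import binascii


def parse_sasl_plain(b64_response):
    """Decode a SASL PLAIN initial response: authzid NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    # Split a qualified login at the last '@'; an unqualified one has no realm.
    user, sep, realm = authcid.rpartition("@")
    if not sep:
        user, realm = authcid, ""
    return {"authzid": authzid, "authcid": authcid, "user": user,
            "realm": realm, "passwd_len": len(passwd)}


# From the first imtest session in the post (imtest -a test -r example.org -w test).
FROM_POST = "AHRlc3QAdGVzdA=="
# Constructed sample: a login qualified with the placeholder domain example.org.
CONSTRUCTED = base64.b64encode(b"\x00test@example.org\x00test").decode("ascii")

if __name__ == "__main__":
    for label, blob in (("post", FROM_POST), ("constructed", CONSTRUCTED)):
        print(label, parse_sasl_plain(blob))
```

The first response decodes to the authcid "test" with nothing after it, so the value given to imtest with -r does not appear in the PLAIN message; a realm reaches the server in this mechanism only as part of the login string. The argument is base64, not encryption, so anyone who can read the session can recover the password unless the connection is protected by TLS.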