Hi,
Usually this has something to do with permissions. Are you able to read / write the saslauthd socket (as the cyrus user)?
Regards,
Matthijs
On 23/07/2023 15:09, rheggs@xxxxxxxxx wrote:
Usually this has something to do with permissions. Are you able to read / write the saslauthd socket (as the cyrus user)?
Regards,
Matthijs
On 23/07/2023 15:09, rheggs@xxxxxxxxx wrote:
Hello,This is driving me insane. I suspect the answer is simple but I have been going around in circles and I no longer have an idea of the direction I'm facing.I'm building a mailserver on Ubuntu 22.04, using cyrus-imapd 3.4.3, cyrus-sasl2 2.1.27, postfix 3.6.4 and pam-mysql 0.8.1For these tests, I am running saslauthd in debug mode:/usr/sbin/saslauthd -Vd -a pam -r -m /var/spool/postfix/var/run/saslauthd -n 5I can authenticate with testsaslauthd:testsaslauthd -u test -p test -r example.org -s imap -f /var/spool/postfix/var/run/saslauthd/mux0: OK "Success."The message from saslauthd is::auth success: [user=test@xxxxxxxxxxx] [service=imap] [realm=example.org] [mech=pam]This shows that saslauthd is correctly interpreting the -r option and concatenating the user and realm.However, if I use imtest, I get a very different result:/usr/lib/cyrus/bin/imtest -a test -r example.org -w testS: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server readyC: A01 AUTHENTICATE PLAIN AHRlc3QAdGVzdA==S: A01 NO authentication failureAuthentication failed. generic failuresaslauthd says::auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]If I get smart and try to include the domain in the username, saslauthd sees my feeble attempt to outwit it, and laughs:/usr/lib/cyrus/bin/imtest -a test@xxxxxxxxxxx -w testS: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server readyC: A01 AUTHENTICATE PLAIN AHRlc3RAYW50aW9jaGJpaS5vcmcudWsAdGVzdA==S: A01 NO authentication failureAuthentication failed. generic failuresaslauthd says::auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]It would appear that saslauthd is not receiving the realm from the imap server, no matter how the realm is presented to imtest.In my imapd.conf, the relevant options are set:defaultdomain: example.orgloginrealms: example.orgsasl_mech_list: LOGIN PLAINsasl_pwcheck_method: saslauthdsasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/muxI'm at my wit's end, and I never had all that many wits to begin with.Grateful for any assistance!
