root@cyrus3:~ # ls -la /var/run/saslauthd/
total 13
drwxr-x--- 2 cyrus saslauth 5 Jan 30 21:40 .
drwxr-xr-x 6 root wheel 15 Jan 30 21:40 ..
srwxrwxrwx 1 root saslauth 0 Jan 30 21:40 mux
-rw------- 1 root saslauth 0 Jan 30 21:40 mux.accept
-rw------- 1 root saslauth 6 Jan 30 21:40 saslauthd.pid

> On 30.01.2018 at 23:23, Ken Murchison <mu...@fastmail.com> wrote:
>
> Hi Michael,
>
> What are the permissions on the socket that saslauthd is listening on?
>
>
> On 01/30/2018 05:06 PM, Michael Rüger wrote:
>> Hi
>>
>> (btw. I was Guest39278 on IRC yesterday and got the chance to introduce
>> myself on googletalk)
>>
>> I’m trying to set up imapd to use saslauthd for authentication.
>>
>> I already have a running saslauthd which uses PAM. I can run this
>>
>> root@cyrus3:/ # testsaslauthd -u mike -p mike
>> 0: OK "Success.“
>>
>> and if I run
>>
>> root@cyrus3:/ # testsaslauthd -u mike -p abc
>> 0: NO "authentication failed“
>>
>> I get that logged in auth.log like this
>>
>> Jan 30 21:43:53 cyrus3 saslauthd[88721]: do_auth : auth failure:
>> [user=mike] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
>>
>> In imapd.conf I have
>>
>> sasl_pwcheck_method: saslauthd
>>
>> Now I authenticate against imapd
>>
>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>> cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP 3.0.5
>> server ready
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=18:self signed certificate
>> TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>> (256/256 bits)
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
>> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
>> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
>> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE
>> CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY
>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN
>> AUTH=LOGIN SASL-IR COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
>> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>> S: C01 OK Completed
>> C: A01 AUTHENTICATE SCRAM-SHA-1
>> bixhPW1pa2Usbj1taWtlLHI9Z2Z1Ukp1cVc1Z1BybHhaWTdFcjVYUDR2WUtuMVhRNHc=
>> S: A01 NO authentication failure
>> Authentication failed. generic failure
>> Security strength factor: 256
>>
>> Nothing is reported in auth.conf
>>
>> If I do this
>>
>> root@cyrus3:~ # saslpasswd2 -c m...@cyrus3.intern.rueger.me
>> <mailto:m...@cyrus3.intern.rueger.me>
>> …<entering „mike“ twice here>
>> root@cyrus3:~ # imtest -t "" -u mike -a mike -w mike localhost
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>> AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM SASL-IR]
>> cyrus3.intern.rueger.me <http://cyrus3.intern.rueger.me/> Cyrus IMAP 3.0.5
>> server ready
>> C: S01 STARTTLS
>> …
>> Authenticated.
>> Security strength factor: 256
>>
>> it is working against local db BUT NOT against saslauthd.
>>
>> How do I set up imapd to talk to saslauthd?
>>
>> BTW I’m using
>> * cyrus-imapd30-3.0.5
>> * cyrus-sasl-2.1.26_13
>> * cyrus-sasl-saslauthd-2.1.26_3
>> on FreeBSD 11.1
>>
>> Thank you for any help,
>> Mike
>>
>
> --
> Ken Murchison
> Cyrus Development Team
> FastMail US LLC
> <murch.vcf>
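
Added example, not part of the original thread: a Python check of whether a given account can connect() to the saslauthd socket, evaluated on the modes and owners from the `ls -la` listing at the top of this message. The numeric uid/gid values, the `mail` group for cyrus, and the assumption that imapd runs as `cyrus` are constructed for illustration; ACLs and MAC policy are not modelled.

```python
import os
import stat
from dataclasses import dataclass

@dataclass
class Entry:
    path: str
    mode: int  # st_mode, including the file-type bits
    uid: int
    gid: int

def entry_from_path(path):
    """Build an Entry from the live filesystem (for use on a real host)."""
    st = os.stat(path)
    return Entry(path, st.st_mode, st.st_uid, st.st_gid)

def effective_bits(entry, uid, gids):
    """Return the rwx triplet (0-7) that classic UNIX modes give this caller."""
    if uid == 0:
        return 7                      # root bypasses mode checks
    if uid == entry.uid:
        return (entry.mode >> 6) & 7  # owner class
    if entry.gid in gids:
        return (entry.mode >> 3) & 7  # group class
    return entry.mode & 7             # other class

def connect_problems(dirs, sock, uid, gids):
    """connect() on a UNIX socket needs search (x) on every directory in
    the path and write (w) on the socket node itself."""
    problems = [f"no search permission on {d.path}"
                for d in dirs if not effective_bits(d, uid, gids) & 1]
    if not stat.S_ISSOCK(sock.mode):
        problems.append(f"{sock.path} is not a socket")
    elif not effective_bits(sock, uid, gids) & 2:
        problems.append(f"no write permission on {sock.path}")
    return problems

# Modes and owner names are from the listing; the numeric ids are constructed.
ROOT, CYRUS, OTHER = 0, 60, 1001
WHEEL, MAIL, SASLAUTH = 0, 6, 602
DIRS = [Entry("/var/run", stat.S_IFDIR | 0o755, ROOT, WHEEL),
        Entry("/var/run/saslauthd", stat.S_IFDIR | 0o750, CYRUS, SASLAUTH)]
MUX = Entry("/var/run/saslauthd/mux", stat.S_IFSOCK | 0o777, ROOT, SASLAUTH)

if __name__ == "__main__":
    for name, uid, gids in (("cyrus", CYRUS, {MAIL}), ("other", OTHER, {OTHER})):
        print(name, connect_problems(DIRS, MUX, uid, gids) or "can connect")
```

On a live host, build the entries with `entry_from_path()` for each directory component and for the socket instead of using the constructed values.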