Re: mysql auxprop redhat 8.0 authentication problems

2003-01-28 Thread Luke Johnson
Hmmm, looks like that was it, thanks much for the second pair of eyes!
Just can't seem to see those things at 4am!?!? Ohh well, some more wasted disk space for the archives... :)

Thanks again,
LukeJ.


Chris Hilts wrote:

sasl_mysql_statement: select pass from email where eaddr ='%u' and mid=1
and active=1"



Well, assuming this isn't a transcription typo, you've got an unbalanced
quote at the end of your statement.







mysql auxprop redhat 8.0 authentication problems

2003-01-28 Thread Luke Johnson
Howdy,

Problem:
So, I'm setting up a new Cyrus server, pretty standard config (see below)
It seems that in Simon's mysql auxprop code, the mysql_query() is failing.  I'm always getting back a -1 (error) result
I'm about to write a test program, to try the mysql libs away from sasl, and see if I can isolate the problem.
So guess I'm just wondering if anybody else has this setup and ran into a similar situation???
Be real nice if there was something small missing, and my authentication would start working tomorrow... ;)
(incidentally, I'm trying against a mysql server that is currently authenticating correctly now for a similar setup: RH7.3, cyrus-imapd-2.19, sasl-2.1.7 w/mysql auxprop)
Finally, I did check both the cyrus-sasl and info-cyrus lists, didn't seem to see any mention of a similar problem...

Hmmm, any advice appreciated, and thanks in advance,
LukeJ.

cyrus-sasl-2.1.10
./configure \
--sysconfdir=/usr/local/etc \
--disable-krb4 \
--with-dbpath=/usr/local/etc/sasldb \
--includedir=/usr/local/include \
--enable-plain \
--enable-login \
--disable-java \
--disable-gssapi \
--with-mysql=/usr \
--without-pam \
--with-rc4=openssl \
--with-mysqlauxprop \
--with-saslauthd \
--with-bdb-incdir=/usr/local/include/db4 \
--with-bdb-libdir=/usr/local/lib

cyrus-imapd-2.1.11
./configure \
--prefix=/usr/include \
--with-cyrus-prefix=/usr/cyrus \
--with-dbdir=/usr/local \
--with-cyrus-group=mail \
--with-cyrus-user=cyrus \
--with-auth=unix \
--without-zephyr \
--with-com-err \
--with-ucdsnmp=/usr/lib \
--with-sasl=/usr/include

[root@mail cyrus-sasl-2.1.10]# rpm -qa | grep mysql
mysql-3.23.54a-4
mysql-devel-3.23.54a-4
mysql-server-3.23.54a-4

...and RedHat 8.0 with errata RPMs (mysql, etc...),
...and of course followed the setup guides (ie /usr/lib/sasl2 -> /usr/local/lib/sasl2)...

--

imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
umask: 077
quotawarn: 90
#going to use mysql... don't need saslauthd
#sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprop

### Get auth directly from xxx - START ###
sasl_mysql_hostnames: 208.xxx.xxx.xxx
sasl_mysql_user: authuser
sasl_mysql_passwd: xxx
sasl_mysql_database: xxx
sasl_mysql_statement: select pass from email where eaddr ='%u' and mid=1 and active=1"
### Get auth directly from xxx - END ###

sasl_mysql_verbose: true

--

code (sorry if it wraps badly):
/* create a statement that we will use */
query = mysql_create_statement(sparams, settings->mysql_statement, realname,escap_userid, escap_realm);
if (settings->mysql_verbose)
   sparams->utils->log(NULL, SASL_LOG_WARN, "mysql plugin doing query: %s\n", query);

/* run the query */
int qresult;
if ( (qresult = mysql_query(sock,query)) < 0 || !(result=mysql_store_result(sock))) {
   sparams->utils->free(query);
   if (settings->mysql_verbose)
      sparams->utils->log(NULL, SASL_LOG_WARN, "LHJ - mysql query returned:  result:%i store:%i\n", qresult,result);
   continue;
}

--

logs:
Jan 28 04:11:22 bhmail imapd[4375]: mysql auxprop plugin has been requested
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin Parse the username luke
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin try and connect to a host
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin try and connect to 208.xxx.xxx.xxx
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin create statement from realname:userPassword uid:luke realm:mail.xxx.com
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin doing query: select pass from email where eaddr ='luke' and mid=1 and active=1"
Jan 28 04:11:22 bhmail imapd[4375]: LHJ - mysql query returned:  result:-1 store:0
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin create statement from realname:cmusaslsecretPLAIN uid:luke realm:mail.xxx.com
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin doing query: select pass from email where eaddr ='luke' and mid=1 and active=1"
Jan 28 04:11:22 bhmail imapd[4375]: LHJ - mysql query returned:  result:-1 store:0
Jan 28 04:11:22 bhmail imapd[4375]: unable to open Berkeley db /usr/local/etc/sasldb: No such file or directory
Jan 28 04:11:22 bhmail imapd[4375]: unable to open Berkeley db /usr/local/etc/sasldb: No such file or directory
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin Parse the username luke
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin try and connect to a host
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin try and connect to 208.xxx.xxx.xxx
Jan 28 04:11:22 bhmail imapd[4375]: badlogin: localhost.localdomain[127.0.0.1] plaintext luke SASL(-13): user not found: checkpass failed

--
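
The stray trailing quote identified in the reply can be caught before imapd is restarted. The following is an added example, not code from the thread or from the mysql auxprop plugin: it checks the sasl_mysql_statement value and the verbose "doing query" log lines for quoting problems. The function names and sample text are constructed for illustration, and the check for %u outside a quoted string goes beyond what the thread discusses.

```python
# Added example: the sample text is constructed from the thread's config and logs.
MARKER = "mysql plugin doing query: "  # verbose-log prefix shown in the thread
SAMPLE_CONF = """\
sasl_pwcheck_method: auxprop
sasl_mysql_statement: select pass from email where eaddr ='%u' and mid=1 and active=1"
"""
SAMPLE_LOG = """\
Jan 28 04:11:22 bhmail imapd[4375]: mysql plugin doing query: select pass from email where eaddr ='luke' and mid=1 and active=1"
Jan 28 04:11:22 bhmail imapd[4375]: LHJ - mysql query returned:  result:-1 store:0
"""

def quote_problems(sql):
    """Return quoting problems in one SQL statement (empty list if none)."""
    problems, open_q, start, i = [], None, -1, 0
    while i < len(sql):
        ch = sql[i]
        if open_q:
            if ch == "\\":
                i += 1                      # skip the backslash-escaped character
            elif ch == open_q:
                if sql[i + 1:i + 2] == open_q:
                    i += 1                  # doubled quote is an escaped quote
                else:
                    open_q = None           # string literal closed
        elif ch in "'\"":
            open_q, start = ch, i
        elif sql.startswith("%u", i):
            problems.append(f"%u at offset {i} is outside a quoted string")
        i += 1
    if open_q:
        problems.append(f"unterminated {open_q} opened at offset {start}")
    return problems

def lint_conf(text, key="sasl_mysql_statement"):
    """Check the statement option in imapd.conf-style 'key: value' text."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:     # commented-out '#key' lines do not match
            return quote_problems(value.strip())
    return [f"{key} is not set"]

def lint_log(text):
    """Return (query, problems) for each logged query that has a problem."""
    queries = [l.split(MARKER, 1)[1] for l in text.splitlines() if MARKER in l]
    return [(q, quote_problems(q)) for q in queries if quote_problems(q)]

if __name__ == "__main__":
    print(lint_conf(SAMPLE_CONF), lint_log(SAMPLE_LOG))
```
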

Re: More on RedHat 8.0, Cyrus compile problems

2002-10-03 Thread Luke Johnson

So... How about some free advice then... :)

In the List's opinion... starting from scratch, which is better (for a 
production server)...

RH8.0/gcc3.x and CVS cyrus packages
or
RH7.3/gcc2.x and stable cyrus-imapd-2.1.9/cyrus-sasl-2.1.7

Will gcc3.x be the 'new, have to have thing' and handy for possible
future cyrus upgrades, or for a production server is predictability of
gcc2.x and the stable packages more important?

Also, this dove-tails into the start of this thread about known RH7.3
versus a x.0 release, with the difference of this is a new setup, no
preexisting machine to consider.  My new box will be a mail only box, so
probably little chance of running into many buggy packages.  So would
8.0 be worth a try, since it contains lots of new stuff (sendmail,
Berkeley, etc), or stick to patched up RH7.3?  (BTW, Our shop is all
Redhat, so no flames about changing that..out of my hands)


Thanks again, (esp. to Ken for my first answer!)
LukeJ.

Ken Murchison wrote:
> No released version of Cyrus and SASL will work with gcc3.  You'll have
> to grab both from CVS.
> 
> 
> Luke Johnson wrote:
> 
>>Hey there, having a little compile problem, think it might be gcc3.2 ...
>>
>>I'm wondering if anybody has a real simple solution that I'm missing, or
>>maybe even similar experiences?  Well, here's the story:
>>
>>Just put together a cyrus-imapd-2.1.9/cyrus-sasl-2.1.7 box last week on
>>RH7.3 with the following configurations, and had zero problems -
>>
>>[root@newmail cyrus-sasl-2.1.7]# ./configure --sysconfdir=/usr/local/etc
>>--disable-krb4 --with-dbpath=/usr/local/etc/sasldb
>>--includedir=/usr/local/include  --enable-plain --enable-login
>>--disable-java --disable-gssapi --with-mysql=/usr/lib/mysql
>>--without-pam --with-rc4=openssl --with-saslauthd
>>--with-bdb-incdir=/usr/local/include/db4
>>--with-bdb-libdir=/usr/local/lib --includedir=/usr/include/mysql
>>
>>[root@newmail cyrus-imapd-2.1.9]# ./configure
>>--with-cyrus-prefix=/usr/cyrus --with-dbdir=/usr/local
>>--with-cyrus-group=mail --with-auth=unix --without-zephyr
>>--with-com-err --with-auth=unix --with-ucdsnmp=/usr/lib
>>--with-sasl=/usr/local/include
>>
>>Decided to redo the same setup this week on RH8.0, same packages, same
>>configures.  Things blew up...
>>
>>[root@newmail cyrus-sasl-2.1.7]# make
>>make  all-recursive
>>make[1]: Entering directory `/home/luke/cyrus-sasl-2.1.7'
>>Making all in include
>>make[2]: Entering directory `/home/luke/cyrus-sasl-2.1.7/include'
>>make[2]: Nothing to be done for `all'.
>>make[2]: Leaving directory `/home/luke/cyrus-sasl-2.1.7/include'
>>Making all in sasldb
>>make[2]: Entering directory `/home/luke/cyrus-sasl-2.1.7/sasldb'
>>gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include   -I/usr/local/include
>>-I/usr/lib/mysql  -Wall -W -g -O2 -c ../sasldb/db_none.c
>>cc1: warning: changing search order for system directory
>>"/usr/local/include"
>>cc1: warning:   as it has already been specified as a non-system directory
>>In file included from /usr/include/sys/uio.h:29,
>>  from /usr/include/sys/socket.h:27,
>>  from ../config.h:352,
>>  from ../sasldb/db_none.c:46:
>>/usr/include/bits/uio.h:43: redefinition of `struct iovec'
>>make[2]: *** [../sasldb/db_none.o] Error 1
>>make[2]: Leaving directory `/home/luke/cyrus-sasl-2.1.7/sasldb'
>>make[1]: *** [all-recursive] Error 1
>>make[1]: Leaving directory `/home/luke/cyrus-sasl-2.1.7'
>>make: *** [all-recursive-am] Error 2
>>[root@newmail cyrus-sasl-2.1.7]#
>>
>>Initially I fixed this error by commenting out some stuff in uio.h, but
>>I just ran into more library errors (lots of warnings, and eventually a
>>missing function definition) after that, decided to stop and email the
>>list before I spent all day massaging libraries and configs...
>>
>>Anybody see a simple error on my part (that would be nice), or know if
>>there is an issue at large with the Cyrus/Redhat distributions?
>>
>>Thanks,
>>LukeJ.
> 
> 





More on RedHat 8.0, Cyrus compile problems

2002-10-03 Thread Luke Johnson

Hey there, having a little compile problem, think it might be gcc3.2 ...

I'm wondering if anybody has a real simple solution that I'm missing, or 
maybe even similar experiences?  Well, here's the story:

Just put together a cyrus-imapd-2.1.9/cyrus-sasl-2.1.7 box last week on 
RH7.3 with the following configurations, and had zero problems -

[root@newmail cyrus-sasl-2.1.7]# ./configure --sysconfdir=/usr/local/etc 
--disable-krb4 --with-dbpath=/usr/local/etc/sasldb 
--includedir=/usr/local/include  --enable-plain --enable-login 
--disable-java --disable-gssapi --with-mysql=/usr/lib/mysql 
--without-pam --with-rc4=openssl --with-saslauthd 
--with-bdb-incdir=/usr/local/include/db4 
--with-bdb-libdir=/usr/local/lib --includedir=/usr/include/mysql

[root@newmail cyrus-imapd-2.1.9]# ./configure 
--with-cyrus-prefix=/usr/cyrus --with-dbdir=/usr/local 
--with-cyrus-group=mail --with-auth=unix --without-zephyr
--with-com-err --with-auth=unix --with-ucdsnmp=/usr/lib 
--with-sasl=/usr/local/include

Decided to redo the same setup this week on RH8.0, same packages, same 
configures.  Things blew up...

[root@newmail cyrus-sasl-2.1.7]# make
make  all-recursive
make[1]: Entering directory `/home/luke/cyrus-sasl-2.1.7'
Making all in include
make[2]: Entering directory `/home/luke/cyrus-sasl-2.1.7/include'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/luke/cyrus-sasl-2.1.7/include'
Making all in sasldb
make[2]: Entering directory `/home/luke/cyrus-sasl-2.1.7/sasldb'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include   -I/usr/local/include 
-I/usr/lib/mysql  -Wall -W -g -O2 -c ../sasldb/db_none.c
cc1: warning: changing search order for system directory 
"/usr/local/include"
cc1: warning:   as it has already been specified as a non-system directory
In file included from /usr/include/sys/uio.h:29,
  from /usr/include/sys/socket.h:27,
  from ../config.h:352,
  from ../sasldb/db_none.c:46:
/usr/include/bits/uio.h:43: redefinition of `struct iovec'
make[2]: *** [../sasldb/db_none.o] Error 1
make[2]: Leaving directory `/home/luke/cyrus-sasl-2.1.7/sasldb'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/luke/cyrus-sasl-2.1.7'
make: *** [all-recursive-am] Error 2
[root@newmail cyrus-sasl-2.1.7]#

Initially I fixed this error by commenting out some stuff in uio.h, but 
I just ran into more library errors (lots of warnings, and eventually a 
missing function definition) after that, decided to stop and email the 
list before I spent all day massaging libraries and configs...

Anybody see a simple error on my part (that would be nice), or know if
there is an issue at large with the Cyrus/Redhat distributions?

Thanks,
LukeJ.




New Cyrus Setup Recommendations Please

2002-01-09 Thread Luke Johnson

< Only got a single reply first time I posted this.
   Thought maybe now a bit after the holidays I could get a few more >

Hello Everybody,

I'm looking for a few thoughts from realworld/enterprise/experienced/etc 
Cyrus users. I made a list of a whole bunch of questions to avoid 
annoying the maillist. Please feel free to answer all/any/none of these.

First off our setup: Midsized ISP, ~15,000 email accounts (just cyrus,
no real machine accounts), probably a 100 or less simultaneous
connections, single mail server (although separate SMTP relay for
outbound). Currently we have an older RedHat/sendmail/cyrus setup
(1.5ish I think) that hits a BerkeleyDB file. We want the new machine to
use a MySqlDB on a remote machine for auth, and possibly would like to
support virtual domains with ONE server/daemon ([EMAIL PROTECTED],
[EMAIL PROTECTED]). We're still growing but shouldn't have to scale beyond
50k accounts in the foreseeable future.

So the questions:
Cyrus version? The stable 2.0.16 sounds nice, but so does 2.1.0 with
its ALTNAMESPACE/HEIRSEP ability. Pros/Cons, good patches, stability, bugs?

Good MTAs? We've been using the de facto Sendmail with RH, but from what
I've read Exim has nice filter features (ie virus), and I know nothing
about Postfix or Qmail. Performance, Setup time, stability, cyrus
compatibility?

Auth Methods? Ugghh, this seems to be a pain. On another server we have
a hacked PAM module hitting a MysqlDB, which would seem to continue to
work with SASL=PLAIN, but not too secure. I've read some about using the
LDAP to help with virtual domains
(http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=8020),
which seems nice. And there's the LDAP-Mysql patch, but not for the 2.x
SASL versions (required for Cyrus imapd 2.1.0) that I know of? So which
of these many methods is best for our desired setup? I can't see why
kerberos would be necessary, but enlighten me...

Hmm, guess that wasn't soo many. Mostly right now I'm curious/confused
about the Auth methods (Don't feel like becoming a
Cyrus/SASL/LDAP/Berkeley/patching/etc master today), and as I said it
would be nice if this system was virtual-domain aware (which probably
dictates the Auth method) (I guess I'm interested in ideas like Perdition
too, if somebody has had good experiences).

Thanks for all the replies in advance,
Luke Johnson




New Cyrus Setup Recommendations Please

2001-12-28 Thread Luke Johnson

Hello Everybody,

I'm looking for a few thoughts from realworld/enterprise/experienced/etc 
Cyrus users. I made a list of a whole bunch of questions to avoid 
annoying the maillist. Please feel free to answer all/any/none of these.

First off our setup: Midsized ISP, ~15,000 email accounts (just cyrus,
no real machine accounts), probably a 100 or less simultaneous
connections, single mail server (although separate SMTP relay for
outbound). Currently we have an older RedHat/sendmail/cyrus setup
(1.5ish I think) that hits a BerkeleyDB file. We want the new machine to
use a MySqlDB on a remote machine for auth, and possibly would like to
support virtual domains with one server/daemon ([EMAIL PROTECTED],
[EMAIL PROTECTED]). We're still growing but shouldn't have to scale beyond
50k accounts in the foreseeable future.

So the questions:
Cyrus version? The stable 2.0.16 sounds nice, but so does 2.1.0 with
its ALTNAMESPACE/HEIRSEP ability. Pros/Cons, good patches, stability, bugs?

Good MTAs? We've been using the de facto Sendmail with RH, but from what
I've read Exim has nice filter features (ie virus), and I know nothing
about Postfix or Qmail. Performance, Setup time, stability, cyrus
compatibility?

Auth Methods? Ugghh, this seems to be a pain. On another server we have
a hacked PAM module hitting a MysqlDB, which would seem to continue to
work with SASL=PLAIN, but not too secure. I've read some about using the
LDAP to help with virtual domains
(http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=8020),
which seems nice. And there's the LDAP-Mysql patch, but not for the 2.x
versions that I know of? And there is SASL-straight-to-Mysql right? So
which of these many methods is best for our desired setup? I can't see
why kerberos would be necessary, but enlighten me...

Hmm, guess that wasn't soo many. Mostly right now I'm curious/confused
about the Auth methods (Don't feel like becoming a
Cyrus/SASL/LDAP/Berkeley/patching/etc master today), and as I said it
would be nice if this system was virtual-domain aware (which probably
dictates the Auth method) (I guess I'm interested in ideas like Perdition
too, if somebody has had good experiences).

Thanks for all the replies in advance,
Luke Johnson