Re: pam_mysql and cyrus_sasl

2003-03-12 Thread Andreas Meyer
Hello!

On Wed, 12 Mar 2003 15:01:36 -0500, John Alton Tamplin wrote:

> >eta saslauthd[982]: pam_mysql: where clause =
> >eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
> >eta saslauthd[982]: pam_mysql: select returned more than one result
> >eta saslauthd[982]: returning 7 after db_checkpasswd.
> >eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error] 
> >
> It looks like you have multiple rows in your accountuser table that have 
> username='karl' (you should probably have a unique index on it anyway), 
> or else accountuser is a view that is matching more than one row.  The 
> error message is telling you exactly what the problem is -- when it 
> looks up the username in your mysql table, it is getting more than one 
> row so it doesn't know what to use to validate the login.

OK, I installed the database anew according to the docs of php-webcyradm
and the problem "pam_mysql: select returned more than one result" is gone.
Seems I was reading obsolete documentation.

But the problem with squirrelmail or another MUA is still there:
eta imapd[2041]: accepted connection
eta imapd[2041]: badlogin: localhost[127.0.0.1] plaintext andreas SASL(-13): \
 authentication failure: checkpass failed
eta master[968]: process 2041 exited, status 0
eta master[2050]: about to exec /usr/cyrus/bin/imapd
eta imap[2050]: executed
eta imapd[2050]: accepted connection
eta imapd[2050]: badlogin: localhost[127.0.0.1] plaintext karl SASL(-13): \
 authentication failure: checkpass failed

sigh, don't know what to do. Postfix delivers without a problem.

Return-Path: <[EMAIL PROTECTED]>
Received: from eta.meyer.home ([unix socket])
by eta.meyer.home (Cyrus v2.1.12) with LMTP; Wed, 12 Mar 2003 23:32:08 +0100
X-Sieve: CMU Sieve 2.2
Received: from lo (localhost [127.0.0.1])
by eta.meyer.home (Postfix 2.0.5 on eta.meyer.home) with ESMTP id 138898825
for <[EMAIL PROTECTED]>; Wed, 12 Mar 2003 23:31:44 +0100 (CET)
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 12 Mar 2003 23:31:45 +0100 (CET)
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;
 
asdf

Postfix is using the same database in mysql and also is using saslauthd. 
If I only knew how to track this problem down.

# telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
. login andreas andreaspass
. NO Login failed: authentication failure

What do I not understand here? Is this kind of authentication
not using saslauthd? I have this entry in imapd.conf:
sasl_pwcheck_method: saslauthd
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost


eta:/etc # /usr/local/bin/imtest -m login -a andreas localhost
S: * OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS \
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN \
 MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN andreas {8}
S: + go ahead
C: 
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

Postfix clearly has tables to look in for delivery.
Hm, this seems to be becoming a Sisyphean task. The problem seems to be
with PAM, although I cannot see where.


-- 

  Andreas Meyer

Object Class   Common Name   userPassword
posixAccount   andreas   {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc


Re: pam_mysql and cyrus_sasl

2003-03-12 Thread John Alton Tamplin
Andreas Meyer wrote:

> eta saslauthd[982]: pam_mysql: where clause =
> eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
> eta saslauthd[982]: pam_mysql: select returned more than one result
> eta saslauthd[982]: returning 7 after db_checkpasswd.
> eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]

It looks like you have multiple rows in your accountuser table that have 
username='karl' (you should probably have a unique index on it anyway), 
or else accountuser is a view that is matching more than one row.  The 
error message is telling you exactly what the problem is -- when it 
looks up the username in your mysql table, it is getting more than one 
row so it doesn't know what to use to validate the login.

--
John A. Tamplin   Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
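
The duplicate-row check and unique index suggested in the reply above, written out as an added example that is not part of the original thread. Table and column names come from the logged pam_mysql query; the index name is an assumption, and the derived-table join assumes a MySQL version that supports subqueries in FROM.

```sql
-- Added example; accountuser, username and password are taken from the
-- pam_mysql log line in the thread. The index name below is hypothetical.

-- 1. List every username that the pam_mysql lookup would match more than once.
SELECT username, COUNT(*) AS row_count
FROM accountuser
GROUP BY username
HAVING COUNT(*) > 1;

-- 2. Inspect the full rows for those usernames before deciding which to keep.
SELECT a.*
FROM accountuser AS a
JOIN (
    SELECT username
    FROM accountuser
    GROUP BY username
    HAVING COUNT(*) > 1
) AS dup ON dup.username = a.username
ORDER BY a.username;

-- 3. Once the surplus rows have been removed, enforce uniqueness so a second
--    row for the same login cannot be inserted again. The statement fails
--    with a duplicate-entry error while duplicates are still present.
ALTER TABLE accountuser
    ADD UNIQUE INDEX uq_accountuser_username (username);

-- 4. Confirm the index exists (Non_unique = 0 for the username column).
SHOW INDEX FROM accountuser;
```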