Re: cyrus 2.2 from yesterday cvs

2003-02-23 Thread Jure Pecar

I hit another problem:

I have a mysql plugin for saslauthd, which i put together (and posted here
about half a year ago). Among the first lines of auth_mysql() i print out
the values i get for login and realm.

If i test it with testsaslauthd, i get [EMAIL PROTECTED] as the login and
empty realm, which i then split internally and insert into mysql query i
read from conf file. It works perfectly.

However, using imtest or telnet to pop3/imap ports, i see that i get test as
login and empty realm. So something between imapd and saslauthd eats away
the @domain part.

This only happens if i enable virtdomains in imapd.conf. If i turn it off, i
get @domain part in the login as expected.

Ken?


-- 

Jure Pecar


Re: cyrus 2.2 from yesterday cvs

2003-02-23 Thread Igor Brezac

On Sun, 23 Feb 2003, Jure Pecar wrote:


 I hit another problem:

 I have a mysql plugin for saslauthd, which i put together (and posted here
 about half a year ago). Among the first lines of auth_mysql() i print out
 the values i get for login and realm.

 If i test it with testsaslauthd, i get [EMAIL PROTECTED] as the login and
 empty realm, which i then split internally and insert into mysql query i
 read from conf file. It works perfectly.

 However, using imtest or telnet to pop3/imap ports, i see that i get test as
 login and empty realm. So something between imapd and saslauthd eats away
 the @domain part.

 This only happens if i enable virtdomains in imapd.conf. If i turn it off, i
 get @domain part in the login as expected.


It should work fine.  I use cyrus 2.2 with virtdomains turned on and
saslauthd/ldap with no problems.  It works fine with fully qualified
usernames ([EMAIL PROTECTED]) and partially qualified usernames (test,
example.com is determined by cyrus).

Do you get a syslog entry for each failed authentication from
saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...?  If this is
the case, things are working fine.

-- 
Igor



Re: cyrus 2.2 from yesterday cvs

2003-02-23 Thread Jure Pecar
On Sun, 23 Feb 2003 15:55:14 -0500 (EST)
Igor Brezac [EMAIL PROTECTED] wrote:

 Do you get a syslog entry for each failed authentication from
 saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...?  If this is
 the case, things are working fine.

no, i get AUTHFAIL: user=test service=imap realm= [internal error ]
when using [EMAIL PROTECTED] as username.

-- 

Jure Pecar


Re: cyrus 2.2 from yesterday cvs

2003-02-23 Thread Igor Brezac

On Sun, 23 Feb 2003, Jure Pecar wrote:

 On Sun, 23 Feb 2003 15:55:14 -0500 (EST)
 Igor Brezac [EMAIL PROTECTED] wrote:

  Do you get a syslog entry for each failed authentication from
  saslauthd: AUTHFAIL: [EMAIL PROTECTED] service=pop3...?  If this is
  the case, things are working fine.

 no, i get AUTHFAIL: user=test service=imap realm= [internal error ]
 when using [EMAIL PROTECTED] as username.

Can you show imtest/telnet telemetry?

-- 
Igor




Re: cyrus 2.2 from yesterday cvs

2003-02-20 Thread Christian Schulte
Igor Brezac wrote:


On Wed, 19 Feb 2003, Ilya wrote:

 

Ken, do you have any plans for global admins without default domain setting?
   


I got this working by accident, but this would be a nice feature.  Admin
needs to be unqualified and the imap server ip address should not resolve
to a FQDN.
 

Why should the server ip address not resolve? I am using defaultdomain
in imapd.conf and global as well as domain-admins work as expected!
Global admins login without an @ character but have to exist in the user
database with a realm of the machine's name which is exactly what dns
reverse lookup tells sasl to the IP cyrus is running on...so why did you
have to turn off address lookup in dns for your machine?

--Christian--




Re: cyrus 2.2 from yesterday cvs

2003-02-20 Thread Igor Brezac

On Thu, 20 Feb 2003, Christian Schulte wrote:

 Igor Brezac wrote:

 On Wed, 19 Feb 2003, Ilya wrote:
 
 
 
 Ken, do you have any plans for global admins without default domain setting?
 
 
 
 I got this working by accident, but this would be a nice feature.  Admin
 needs to be unqualified and the imap server ip address should not resolve
 to a FQDN.
 
 
 Why should the server ip address not resolve ? I am using defaultdomain

IP can resolve, but not to a FQDN (it can resolve to 'server_name', but
not to 'server_name.domain.tld')

 in imapd.conf and global as well as domain-admins work as expected!
 Global admins login without an @ character but have to exist in the user
 database with a realm of the machine's name which is exactly what dns
 reverse lookup tells sasl to the IP cyrus is running on...so why did you
 have to turn off address lookup in dns for your machine?


Ilya asked about global admins with defaultdomain _not_ set.  This is a
workaround for his request.

-- 
Igor




cyrus 2.2 from yesterday cvs

2003-02-19 Thread Jure Pecar
Hi all, 

I started playing with the recent cvs code. Basically i want to set up a
multidomain server with one default domain and mysql auxprop auth. So i
have this in imapd.conf (among other things):

admins: cyrus
allowplaintext: yes
defaultdomain: example.com
hashimapspool: 1
imapidresponse: 1
loginrealms: example.com
unixhierarchysep: 1
virtdomains: 1
sasl_pwcheck_method: auxprop
sasl_mysql_statement: select password_plain from users where username='%u' and realm='%r'
sasl_mysql_verbose: yes


Here are my current findings:


cyradm still does not compile to a working state out of the box. Looks like
env variables like BDB_LIB and SASL_LIB are not passed down to perl/imap.
When exporting them by hand and going through standard 'perl Makefile.PL;
make; make install' it works.


There's a comment at the top of sasl*/plugins/mysql.c which states that '
%r is the realm which could be the kerbros realm, the FQDN of the computer
the sasl app is on or what ever is after the @ on a username'. Looking at
the code it looks like 'whatever is after @ on a username' takes precedence
over server FQDN (line 276 of plugins/mysql.c in sasl-2.1.12).
Now, if i try to log in with imtest, it looks like it does not care what
is after @ at all. Regardless if i set -a [EMAIL PROTECTED] or -u
[EMAIL PROTECTED] or both, i get such log entries: mysql plugin doing
query select password_plain from users where username='cyrus' and
realm='myhost.example.com'. Same goes for IMAP logins.


I have a default domain set in imapd.conf. I created its ondisk hierarchy
with mkimap -d example.com and expect its mailboxes to appear underneath.
However, mailboxes under default domain appear at the top level, as if
virtdomains is off. (is this intentional? i haven't run mkimap without -d
yet) If i want to set quota for them i get System I/O error (the relevant
config/quota directories are not present). If i create another domain,
blah.net, and create some mailboxes under it, they appear properly and i
can set their quota.



Now it's entirely possible that i'm doing something wrong. In this case,
i'd like to know what :)


My environment is Red Hat 7.3 with all updates.

--

Jure Pecar
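
An added illustration of the realm handling described in the post above, not code from the SASL mysql plugin or from anyone in this thread: it splits a login at the last '@', lets that realm take precedence over the server FQDN, and expands %u and %r into the posted statement with quoting. `build_query` and `put_escaped` are hypothetical names, and the hand-rolled escaping stands in for the client library's own routine.

```c
#include <stdio.h>
#include <string.h>

/* Statement template from the imapd.conf in the post. */
static const char TMPL[] =
    "select password_plain from users where username='%u' and realm='%r'";

/* Append src with ' and \ backslash-escaped; hand-rolled stand-in for the
 * client library's escaper (mysql_real_escape_string in libmysqlclient). */
static int put_escaped(char *out, size_t len, size_t *pos, const char *src)
{
    for (; *src; src++) {
        int esc = (*src == '\'' || *src == '\\');
        if (*pos + esc + 1 >= len) return -1;
        if (esc) out[(*pos)++] = '\\';
        out[(*pos)++] = *src;
    }
    return 0;
}

/* Hypothetical helper: text after the last '@' is the realm and wins over
 * server_fqdn. Returns a static buffer, or NULL if the result won't fit. */
const char *build_query(const char *login, const char *server_fqdn)
{
    static char out[256];
    char user[128];
    const char *at = strrchr(login, '@');
    size_t n = at ? (size_t)(at - login) : strlen(login), pos = 0;
    const char *realm = (at && at[1]) ? at + 1 : server_fqdn;

    if (n >= sizeof user) return NULL;
    memcpy(user, login, n);
    user[n] = '\0';
    for (const char *t = TMPL; *t; t++) {
        if (t[0] == '%' && (t[1] == 'u' || t[1] == 'r')) {
            if (put_escaped(out, sizeof out, &pos, t[1] == 'u' ? user : realm))
                return NULL;
            t++;
        } else if (pos + 1 < sizeof out) {
            out[pos++] = *t;
        } else {
            return NULL;
        }
    }
    out[pos] = '\0';
    return out;
}

int main(void) { puts(build_query("test@blah.net", "myhost.example.com")); return 0; }
```

With an unqualified login such as `cyrus`, the result matches the log entry quoted in the post (realm set to the host name); a qualified login yields the realm typed after the '@'.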



Re: cyrus 2.2 from yesterday cvs

2003-02-19 Thread Rob Siemborski
On Wed, 19 Feb 2003, Jure Pecar wrote:

 cyradm still does not compile to a working state out of the box. Looks like
 env variables like BDB_LIB and SASL_LIB are not passed down to perl/imap.
 When exporting them by hand and going through standard 'perl Makefile.PL;
 make; make install' it works.

Please supply a patch to fix this, as far as I can tell, the code that is
there is passing the necessary environment variables.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper





Re: cyrus 2.2 from yesterday cvs

2003-02-19 Thread Ilya
Ken, do you have any plans for global admins without default domain setting?

On Wed, Feb 19, 2003 at 09:24:54AM -0500, Ken Murchison wrote:
 
 
 Jure Pecar wrote:
  
  Hi all,
  
  I started playing with the recent cvs code. Basically i want to set up a
  multidomain server with one default domain and mysql auxprop auth. So i
  have this in imapd.conf (among other things):
  
  admins: cyrus
  allowplaintext: yes
  defaultdomain: example.com
  hashimapspool: 1
  imapidresponse: 1
  loginrealms: example.com
  unixhierarchysep: 1
  virtdomains: 1
  sasl_pwcheck_method: auxprop
  sasl_mysql_statement: select password_plain from users where username='%u' and realm='%r'
  sasl_mysql_verbose: yes
  
  Here are my current findings:
  
  cyradm still does not compile to a working state out of the box. Looks like
  env variables like BDB_LIB and SASL_LIB are not passed down to perl/imap.
  When exporting them by hand and going through standard 'perl Makefile.PL;
  make; make install' it works.
  
  There's a comment at the top of sasl*/plugins/mysql.c which states that '
  %r is the realm which could be the kerbros realm, the FQDN of the computer
  the sasl app is on or what ever is after the @ on a username'. Looking at
  the code it looks like 'whatever is after @ on a username' takes precedence
  over server FQDN (line 276 of plugins/mysql.c in sasl-2.1.12).
  Now, if i try to log in with imtest, it looks like it does not care what
  is after @ at all. Regardless if i set -a [EMAIL PROTECTED] or -u
  [EMAIL PROTECTED] or both, i get such log entries: mysql plugin doing
  query select password_plain from users where username='cyrus' and
  realm='myhost.example.com'. Same goes for IMAP logins.
  
  I have a default domain set in imapd.conf. I created its ondisk hierarchy
  with mkimap -d example.com and expect its mailboxes to appear underneath.
  However, mailboxes under default domain appear at the top level, as if
  virtdomains is off. (is this intentional? i haven't run mkimap without -d
 
 Yes.  defaultdomain is mainly used for backwards compatibility when
 upgrading a single domain server.  If you're starting from scratch then
 you probably don't want/need to use defaultdomain.
 
 -- 
 Kenneth Murchison Oceana Matrix Ltd.
 Software Engineer 21 Princeton Place
 716-662-8973 x26  Orchard Park, NY 14127
 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp



Re: cyrus 2.2 from yesterday cvs

2003-02-19 Thread Igor Brezac

On Wed, 19 Feb 2003, Ilya wrote:

 Ken, do you have any plans for global admins without default domain setting?

I got this working by accident, but this would be a nice feature.  Admin
needs to be unqualified and the imap server ip address should not resolve
to a FQDN.

 On Wed, Feb 19, 2003 at 09:24:54AM -0500, Ken Murchison wrote:
 
 
  Jure Pecar wrote:
  
   Hi all,
  
   I started playing with the recent cvs code. Basically i want to set up a
   multidomain server with one default domain and mysql auxprop auth. So i
   have this in imapd.conf (among other things):
  
   admins: cyrus
   allowplaintext: yes
   defaultdomain: example.com
   hashimapspool: 1
   imapidresponse: 1
   loginrealms: example.com
   unixhierarchysep: 1
   virtdomains: 1
   sasl_pwcheck_method: auxprop
   sasl_mysql_statement: select password_plain from users where username='%u' and realm='%r'
   sasl_mysql_verbose: yes
  
   Here are my current findings:
  
   cyradm still does not compile to a working state out of the box. Looks like
   env variables like BDB_LIB and SASL_LIB are not passed down to perl/imap.
   When exporting them by hand and going through standard 'perl Makefile.PL;
   make; make install' it works.
  
   There's a comment at the top of sasl*/plugins/mysql.c which states that '
   %r is the realm which could be the kerbros realm, the FQDN of the computer
   the sasl app is on or what ever is after the @ on a username'. Looking at
   the code it looks like 'whatever is after @ on a username' takes precedence
   over server FQDN (line 276 of plugins/mysql.c in sasl-2.1.12).
   Now, if i try to log in with imtest, it looks like it does not care what
   is after @ at all. Regardless if i set -a [EMAIL PROTECTED] or -u
   [EMAIL PROTECTED] or both, i get such log entries: mysql plugin doing
   query select password_plain from users where username='cyrus' and
   realm='myhost.example.com'. Same goes for IMAP logins.
  
   I have a default domain set in imapd.conf. I created its ondisk hierarchy
   with mkimap -d example.com and expect its mailboxes to appear underneath.
   However, mailboxes under default domain appear at the top level, as if
   virtdomains is off. (is this intentional? i haven't run mkimap without -d
 
  Yes.  defaultdomain is mainly used for backwards compatibility when
  upgrading a single domain server.  If you're starting from scratch then
  you probably don't want/need to use defaultdomain.
 
  --
  Kenneth Murchison Oceana Matrix Ltd.
  Software Engineer 21 Princeton Place
  716-662-8973 x26  Orchard Park, NY 14127
  --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


-- 
Igor