Re: Contents mysql problem
Hi, Could you provide an extract of the strace output for one process that fails ? Use -D setting in cyrus.conf and add following line in imapd.conf : debug_command: /usr/bin/strace -tt -s 200 -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 & Sébastien 2013/9/12 Rudolf Gabler > Hi, > > I examined my mysql problem a little more and got the following: > > the following log (2) shows, I preforked 7 imapd -s childs (by > /etc/cyrus.conf) and while one of the processes still reads from the local > mysql server (see process 32711), newly forked imapd childs are loosing > this ability (see process 9881). From this time on nearly all newly created > childs can't connect to the mysql server (even then when the "good ones" = > 32711 are terminated). > > In a very rapid process ( because childs with connection errors are > terminated see log 1) new childs are forked and forked (in my case 1 > fork/second the next 2 minutes - as well imaps as https processes) until > without restarting the master process some childs are forked, which are > again able to connect to the mysql server. But the forking process goes on > and tries to reach the number of preforked childs. This fills the logs > because only any then and now a "good" process is created. > > But only if I restart the master any child is working. The default max > connection limit is set to the default (150) for the mysql server. This is > still a testing environment with only one user connected by one open mailer. > > > Many regards, > > Rudi Gabler > > > > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Contents mysql problem
Hi, I examined my mysql problem a little more and got the following: the following log (2) shows, I preforked 7 imapd -s childs (by /etc/cyrus.conf) and while one of the processes still reads from the local mysql server (see process 32711), newly forked imapd childs are loosing this ability (see process 9881). From this time on nearly all newly created childs can't connect to the mysql server (even then when the "good ones" = 32711 are terminated). In a very rapid process ( because childs with connection errors are terminated see log 1) new childs are forked and forked (in my case 1 fork/second the next 2 minutes - as well imaps as https processes) until without restarting the master process some childs are forked, which are again able to connect to the mysql server. But the forking process goes on and tries to reach the number of preforked childs. This fills the logs because only any then and now a "good" process is created. But only if I restart the master any child is working. The default max connection limit is set to the default (150) for the mysql server. This is still a testing environment with only one user connected by one open mailer. Many regards, Rudi Gabler --- log 1 shows the typically error when a child is unsuccessfully forked. Interestingly it tries to connect to the mysql server for the information of quotas and then to the file /var/lib/imap/quotas.db. But there is no specification in which format this file should be (because it should be in a sql database). log 1: Sep 12 12:45:16 xmailer imaps[31321]: SQL backend trying to connect to a host Sep 12 12:45:16 xmailer imaps[31321]: SQL backend trying to open db 'cyrusdb' on host 'localhost' Sep 12 12:45:16 xmailer imaps[31321]: executing SQL cmd: SELECT * FROM mailboxes_db LIMIT 0; Sep 12 12:45:16 xmailer imaps[31321]: SQL backend trying to connect to a host Sep 12 12:45:16 xmailer imaps[31321]: SQL backend trying to open db 'cyrusdb' on host 'localhost' Sep 12 12:45:16 xmailer imaps[31321]: DBERROR: SQL backend could not connect to host localhost Sep 12 12:45:16 xmailer imaps[31321]: DBERROR: could not open SQL database 'cyrusdb' Sep 12 12:45:16 xmailer imaps[31321]: DBERROR: opening /var/lib/imap/quotas.db: cyrusdb error Sep 12 12:45:16 xmailer imaps[31321]: Fatal error: can't read quotas file Sep 12 12:45:16 xmailer master[32309]: process 31321 exited, status 75 Sep 12 12:45:16 xmailer master[32309]: service imaps pid 31321 in READY state: terminated abnormally log 2: Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.emulex'; Sep 12 12:23:56 xmailer imaps[32711]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.FFM'; Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.FFM'; Sep 12 12:23:56 xmailer imaps[32711]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[4803]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[9881]: executed Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Fireball'; Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Fireball'; Sep 12 12:23:56 xmailer imaps[9881]: SQL backend trying to connect to a host Sep 12 12:23:56 xmailer imaps[9881]: SQL backend trying to open db 'cyrusdb' on host 'localhost' Sep 12 12:23:56 xmailer imaps[4803]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[32711]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Fu&AN8-ball'; Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Fu&AN8-ball'; Sep 12 12:23:56 xmailer imaps[9881]: executing SQL cmd: SELECT * FROM mailboxes_db LIMIT 0; Sep 12 12:23:56 xmailer imaps[32711]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Hawaii'; Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.Hawaii'; Sep 12 12:23:56 xmailer imaps[32711]: fetching user_deny.db entry for 'rug' Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey = 'user.rug.Solved.iostat'; Sep 12 12:23:56 xmailer imaps[32711]: executing SQL cmd: SELECT * FROM mailboxes_db WHERE dbkey
RE: mysql problem
You can check the following link for more details: http://dev.mysql.com/doc/refman/5.0/en/gone-away.html But I have to agree, most likely your hitting a bug. I normally get this in code I've written where I make a request to the server after I have closed the connection. I would suggest enabling logging on the mysql server and look to see what the last myql queries cyrus makes before this happens, this may give you some clues as to where it's happening. > Date: Wed, 11 Sep 2013 08:53:09 -0500 > From: bl...@ispn.net > To: info-cyrus@lists.andrew.cmu.edu > Subject: Re: mysql problem > > Rudolf Gabler wrote the following on 9/11/2013 2:46 AM: > > the system is running as expected. After approximately the 10 imaps contact > > suddenly the following occurs: > > > > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL query failed: MySQL > > server has gone away > > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL failed SELECT * FROM > > mailboxes_db WHERE dbkey = 'user….. > > > > But the local mysql server is o.k. and running. After a restart of cyrus > > (/etc/init.d/cyrus-imapd restart) everything is working until the next > > appr. 10 connection times by the user. > > > > If I use sqlite instead everything is stable for at least a month. > > > > Any hint what may occur? > > > > I'm not familiar with using MySQL for anything more than authentication > so I'm not sure how Cyrus makes it's db connections, but is there a > limit on the number of allowed client connections in my.cnf - or per > user on the MySQL account you're using for Cyrus? > > When Cyrus is broke, can you login to MySQL, use the Cyrus databases, > and run the queries that Cyrus would? > > --Blake > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: mysql problem
Rudolf Gabler wrote the following on 9/11/2013 2:46 AM: > the system is running as expected. After approximately the 10 imaps contact > suddenly the following occurs: > > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL query failed: MySQL server > has gone away > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL failed SELECT * FROM > mailboxes_db WHERE dbkey = 'user….. > > But the local mysql server is o.k. and running. After a restart of cyrus > (/etc/init.d/cyrus-imapd restart) everything is working until the next appr. > 10 connection times by the user. > > If I use sqlite instead everything is stable for at least a month. > > Any hint what may occur? > I'm not familiar with using MySQL for anything more than authentication so I'm not sure how Cyrus makes it's db connections, but is there a limit on the number of allowed client connections in my.cnf - or per user on the MySQL account you're using for Cyrus? When Cyrus is broke, can you login to MySQL, use the Cyrus databases, and run the queries that Cyrus would? --Blake Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: mysql problem
On 9/11/13 5:43 AM, Bron Gondwana wrote: > On Wed, Sep 11, 2013, at 05:46 PM, Rudolf Gabler wrote: >> Hi, >> >> the cyrus-imapd-2.4.17-caldav-beta6 release shows the following: >> >> After a fresh start with a mysql database for several purposes >> >> duplicate_db: sql >> mboxlist_db: sql >> quota_db: sql >> tlscache_db: sql >> >> the system is running as expected. After approximately the 10 imaps contact >> suddenly the following occurs: >> >> Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL query failed: MySQL server >> has gone away >> Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL failed SELECT * FROM >> mailboxes_db WHERE dbkey = 'user….. >> >> But the local mysql server is o.k. and running. After a restart of cyrus >> (/etc/init.d/cyrus-imapd restart) everything is working until the next appr. >> 10 connection times by the user. > Smells like connection handle leakage, or leakage of some other finite > resource in the mysql library. > >> Any hint what may occur? > Ken - any ideas? You know this code better than I do. > > Bron. > No, I don't have any ideas. I don't have any experience using MySQL for all Cyrus databases (or any Cyrus db for that matter), and the *DAV code uses SQLite, not mySQL, and does so directly without going through the cyrusdb API. -- Kenneth Murchison Principal Systems Software Engineer Carnegie Mellon University Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: mysql problem
On Wed, Sep 11, 2013, at 05:46 PM, Rudolf Gabler wrote: > Hi, > > the cyrus-imapd-2.4.17-caldav-beta6 release shows the following: > > After a fresh start with a mysql database for several purposes > > duplicate_db: sql > mboxlist_db: sql > quota_db: sql > tlscache_db: sql > > the system is running as expected. After approximately the 10 imaps contact > suddenly the following occurs: > > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL query failed: MySQL server > has gone away > Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL failed SELECT * FROM > mailboxes_db WHERE dbkey = 'user….. > > But the local mysql server is o.k. and running. After a restart of cyrus > (/etc/init.d/cyrus-imapd restart) everything is working until the next appr. > 10 connection times by the user. Smells like connection handle leakage, or leakage of some other finite resource in the mysql library. > Any hint what may occur? Ken - any ideas? You know this code better than I do. Bron. -- Bron Gondwana br...@fastmail.fm Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
mysql problem
Hi, the cyrus-imapd-2.4.17-caldav-beta6 release shows the following: After a fresh start with a mysql database for several purposes duplicate_db: sql mboxlist_db: sql quota_db: sql tlscache_db: sql the system is running as expected. After approximately the 10 imaps contact suddenly the following occurs: Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL query failed: MySQL server has gone away Sep 11 09:43:29 xmailer imaps[8168]: DBERROR: SQL failed SELECT * FROM mailboxes_db WHERE dbkey = 'user….. But the local mysql server is o.k. and running. After a restart of cyrus (/etc/init.d/cyrus-imapd restart) everything is working until the next appr. 10 connection times by the user. If I use sqlite instead everything is stable for at least a month. Any hint what may occur? Regards, Rudi Gabler signature.asc Description: Message signed with OpenPGP using GPGMail Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Sieve authentification (against mysql) problem
Andreas Winkelmann schrieb: Am Tuesday 19 September 2006 14:58 schrieb Bjoern Burger: -u is the Authorization-Id. -a is what you want. If you omit -a, the logged in User is used, in your Case [EMAIL PROTECTED] . $ sivtest -a cyrus server.domain.tld Maybe add both: $ sivtest -a cyrus -u cyrus server.domain.tld Thanks, now the test is passed without errors and it says "authenticated". I also see the mysql query for [EMAIL PROTECTED] in mysql.log. So sieve uses the mysql database for authentification, which was not so clear for me in the past time. Test this, and report Errors. Check the Log on the Server, too. Thanks, now i knew sieve works and i have to look closer to WebCyradm for the fault. Here is a short description for Authorization and Authentication: http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/AuthorizationAndAuthentication I will read this and hope it helps me to finde the fault. thank you. -- Dr. Bülow & Masiak GmbH | Björn Burger Victoriastr. 119 | Systemadministration 45772 Marl| [EMAIL PROTECTED] Telefon : + 49 2365 41460 | Fax : + 49 2365 414658 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve authentification (against mysql) problem
Am Tuesday 19 September 2006 14:58 schrieb Bjoern Burger: > i have trouble with sieve and hope someone can tell me a way out. > Google is not my friend today. > > I have installed a Debian server with Cyrus, Sendmail and WebCyradm. > The user authentication works against a mysql database. > > Almost every thing works fine, all usernames and passwords are stored in > the MYSQL, i can create accounts > with WebCyradm, can recieve mail and send mail. > > But i can´t set vacation messages anymore. > I set them with WebCyradm. > > It works fine for a while, i have tested it a lot, because I changed > a little bit in the Webcyradm php files. > > I got now an error "Failed to login" , when I try to set a vacation > message. When I print the variables which used for authentication it prints > cyrus with the correct password. > > It seems that sieve doesn´t authenticates against the mysql Database > anymore(?). There are no entrys in the mysql.log for trying to get a > password for the cyrus user from the mysql database. > > Using the original WebCyradm files, after getting trouble, works for 1 or 2 > tries, but now I get the same error with > the original files. > > So i installed cyrus-clients on a remote machine und try sivtest. > I can connect to the server, but get an "Authentication failed. generic > failure " error after typing in my password. > > I call sivtest "sivtest -u cyrus machinename.domain.tld" und get a prompt > that asks for the password. > > But now there are "new" messages in auth.log. And i see that cyrus/sieve > try to get a username for [EMAIL PROTECTED] > from the mysql database. > > Tried to solve this by adding [EMAIL PROTECTED] with a password to the > accountuser table in the mysql database, but it doesn´t work. -u is the Authorization-Id. -a is what you want. If you omit -a, the logged in User is used, in your Case [EMAIL PROTECTED] . $ sivtest -a cyrus server.domain.tld Maybe add both: $ sivtest -a cyrus -u cyrus server.domain.tld Test this, and report Errors. Check the Log on the Server, too. Here is a short description for Authorization and Authentication: http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/AuthorizationAndAuthentication -- Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve authentification (against mysql) problem
Hello, i have trouble with sieve and hope someone can tell me a way out. Google is not my friend today. I have installed a Debian server with Cyrus, Sendmail and WebCyradm. The user authentication works against a mysql database. Almost every thing works fine, all usernames and passwords are stored in the MYSQL, i can create accounts with WebCyradm, can recieve mail and send mail. But i can´t set vacation messages anymore. I set them with WebCyradm. It works fine for a while, i have tested it a lot, because I changed a little bit in the Webcyradm php files. I got now an error "Failed to login" , when I try to set a vacation message. When I print the variables which used for authentication it prints cyrus with the correct password. It seems that sieve doesn´t authenticates against the mysql Database anymore(?). There are no entrys in the mysql.log for trying to get a password for the cyrus user from the mysql database. Using the original WebCyradm files, after getting trouble, works for 1 or 2 tries, but now I get the same error with the original files. So i installed cyrus-clients on a remote machine und try sivtest. I can connect to the server, but get an "Authentication failed. generic failure " error after typing in my password. I call sivtest "sivtest -u cyrus machinename.domain.tld" und get a prompt that asks for the password. But now there are "new" messages in auth.log. And i see that cyrus/sieve try to get a username for [EMAIL PROTECTED] from the mysql database. Tried to solve this by adding [EMAIL PROTECTED] with a password to the accountuser table in the mysql database, but it doesn´t work. I can´t see the wood for the trees. hopefully Bjoern Burger Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem
Hi, A followup. It seems that I informed incorrectly and that our authentication whas hacked to let us login to all accounts with a second password. I am able to do this now with pam + mysql too. I added a second line in my pam-msql config so that it also checks an other column if the normal password doesn't work. (Maybe I could use an other module) However this doesn't solve my other problem: the cyradm user his password is in the /etc/sasldb2 file. Any pointers for this problem? Thanks in advance, Rudy Rudy Gevaert wrote: Simon Matter wrote: Hi, With the help of the list I have set up cyrus + sasl + pam + mysql. The only problem I still have is that I can't log in for a user with the cyradm password. My cyradm password is set and can be found in the /etc/sasldb2 file. If you have your users in mysql, you don't need anything in /etc/sasldb2. You have to set your admin accounts for cyradm in the mysql db. Ok: I removed /etc/sasldb2 and added a user cyradm in my mysql db. With a password. opening an imap connection for a user and using the password of the cyradm user doesn't work. Neighter does sieveshell -a cyrus -u rgevaert localhost (Before with the sasldb2 file I could get logged in) (I have a /etc/pam.d/sieve in place that points to pam-mysql) Does anyone have any ideas? Thanks in advance, -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert e-mail: [EMAIL PROTECTED] Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4734 Universiteit Gent / Ghent Universityfax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem [auf V iren überprüft]
Rudy Gevaert schrieb: My cyradm password is set and can be found in the /etc/sasldb2 file. If you have your users in mysql, you don't need anything in /etc/sasldb2. You have to set your admin accounts for cyradm in the mysql db. Ok: I removed /etc/sasldb2 and added a user cyradm in my mysql db. With a password. opening an imap connection for a user and using the password of the cyradm user doesn't work. Neighter does sieveshell -a cyrus -u rgevaert localhost (Before with the sasldb2 file I could get logged in) Is the username "cyrus" (like in "-a cyrus") or "cyradm"? Hans Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem
Simon Matter wrote: Hi, With the help of the list I have set up cyrus + sasl + pam + mysql. The only problem I still have is that I can't log in for a user with the cyradm password. My cyradm password is set and can be found in the /etc/sasldb2 file. If you have your users in mysql, you don't need anything in /etc/sasldb2. You have to set your admin accounts for cyradm in the mysql db. Ok: I removed /etc/sasldb2 and added a user cyradm in my mysql db. With a password. opening an imap connection for a user and using the password of the cyradm user doesn't work. Neighter does sieveshell -a cyrus -u rgevaert localhost (Before with the sasldb2 file I could get logged in) (I have a /etc/pam.d/sieve in place that points to pam-mysql) Does anyone have any ideas? Thanks in advance, -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert e-mail: [EMAIL PROTECTED] Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4734 Universiteit Gent / Ghent Universityfax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem
> Hi, > > With the help of the list I have set up cyrus + sasl + pam + mysql. The > only problem I still have is that I can't log in for a user with the > cyradm password. > > My cyradm password is set and can be found in the /etc/sasldb2 file. If you have your users in mysql, you don't need anything in /etc/sasldb2. You have to set your admin accounts for cyradm in the mysql db. Simon > > How can I further debug this? > > Thanks in advance, > -- > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > Rudy Gevaert e-mail: [EMAIL PROTECTED] > Directie ICT, Afdeling Infrastructuur > Groep Systemen tel: +32 9 264 4734 > Universiteit Gent / Ghent Universityfax: +32 9 264 4994 > Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem
Hi, With the help of the list I have set up cyrus + sasl + pam + mysql. The only problem I still have is that I can't log in for a user with the cyradm password. My cyradm password is set and can be found in the /etc/sasldb2 file. How can I further debug this? Thanks in advance, -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert e-mail: [EMAIL PROTECTED] Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4734 Universiteit Gent / Ghent Universityfax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus + sasl + pam + mysql problem
> Is this true? Because: > > An imapd.conf with > > sasl_mech_list: PLAIN > sasl_pwcheck_method: auxprop > sasl_auxprop_plugin: sql > sasl_sql_engine: mysql > sasl_mech_list: PLAIN > sasl_sql_hostnames: localhost > sasl_sql_user: mail > sasl_sql_passwd: x > sasl_sql_database: mail > sasl_sql_verbose: yes > sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u' sasl_pwcheck_method: saslauthd Nothing else. All other stuff is handled by imap pam file. > b) Then I tried to configure cyrus to use pam (that then use mysql) > > pwcheck_method: PAM saslauthd! And saslauthd uses pam! > If somebody could give me some pointers, it would be very much appreciated! Have a look at the web-cyradm Howto which explain your needs. http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Michael Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus + sasl + pam + mysql problem
Hello, I have tried to set up cyrus with passwords in mysql. I only have the password in crypt format. I'm using debian sarge, but the cyrus is compiled from source. I thought I could do this the following way: 1) configure sasl so that it uses pam for authentication 2) configure pam so that it uses mysql for imap authentication This works: I start saslauthd with: /usr/sbin/saslauthd -a pam Pam config: rood:/etc# cat /etc/pam.d/imap auth sufficient pam_mysql.so user=x passwd=x host=localhost \ db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=1 account required pam_mysql.so user=x passwd=x host=localhost \ db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=1 I can test that this works with testsaslauthd: rood:/etc# testsaslauthd -u rgevaert -p pass 0: OK "Success I can see that mysql is executing queries in the mysql log. For the third step I tried: a) Configure cyrus to use sasl with mysql. I am very confused here. On the internet I find a page that says I have to patch sasl so that it can use encrypted passwords: http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/ Is this true? Because: An imapd.conf with sasl_mech_list: PLAIN sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sasl_sql_engine: mysql sasl_mech_list: PLAIN sasl_sql_hostnames: localhost sasl_sql_user: mail sasl_sql_passwd: x sasl_sql_database: mail sasl_sql_verbose: yes sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u' Makes connection to the mysql database but it fails: Mar 2 11:23:07 rood imaps[14528]: badlogin: pimp.ugent.be [157.193.44.68] PLAIN [SASL(-13): authentication failure: Password verification failed] So this doesn't work... why? b) Then I tried to configure cyrus to use pam (that then use mysql) pwcheck_method: PAM Mar 2 11:55:14 rood imaps[14666]: sql_select option missing Mar 2 11:55:14 rood imaps[14666]: auxpropfunc error no mechanism available Mar 2 11:55:14 rood imaps[14666]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Mar 2 11:55:15 rood imaps[14666]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory Mar 2 11:55:16 rood imaps[14666]: DIGEST-MD5 server step 1 Mar 2 11:55:18 rood imaps[14666]: DIGEST-MD5 server step 2 Mar 2 11:55:18 rood imaps[14666]: no secret in database I don't see any mysql queries executed. Some questions about this log: * why doesn't it complain about sql, I haven't anything in the config that says use the sql module * so clearyly the password verification fails If somebody could give me some pointers, it would be very much appreciated! Rudy -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert e-mail: [EMAIL PROTECTED] Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4734 Universiteit Gent / Ghent Universityfax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAPD + Cyrus SASL + MySQL : Problem while trying to use non plaintext login
> So is it impossible to use saslauthd + pam_mysql (or auxprop with > plugin sql the two method works) with CRAMMD5 or DIGESTMD5 ? saslauthd is limited to plaintext. For shared secret mechs you should use auxprop (sasldb or sql). Holger --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus IMAPD + Cyrus SASL + MySQL : Problem while trying to use non plaintext login
Hi, I'm new with cyrus system and i'm actually trying to configure it. By now, everything works fine. I use saslauthd with pam_mysql for authenticating my users. I can create my user with cyradm (after adding it to mysql db), and then use the account in a MUA with no problem. The problem is that Cyrus imapd tell me that it doesn't support CRAM MD5 nor MD5 DIGEST. Plaintext login is quiet unsecure. I lookup the doc and it seems as if such authentification method are only available while using sasldb ? So is it impossible to use saslauthd + pam_mysql (or auxprop with plugin sql the two method works) with CRAMMD5 or DIGESTMD5 ? For information, i use cyrus-imapd 2.2.8 and cyrus-sasl2 2.1.20 on a Debian stable (Woody) with Postfix. I make my own packages for cyrus-imap and cyrus-sasl (Debian stable's one were to old and doesn't support virtual domain). If you want this packages: http://yanluo.net/~binarym/, they'are always under creation, so unperfect, but the binaries are ok. I'll try to follow security issues. Regards, Gérald. -- Gérald Colangelo list at psycho-hazard dot net http://psycho-hazard.net/~binarym/ --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MySQL problem
On Mon, 3 Jun 2003, Simon Loader wrote: > Your probably using mysql4 in which case that should be a different > call. When I get a new version of cyrus somewhere ill patch the code. The code is fixed in CVS. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: MySQL problem
On Mon, 2003-06-02 at 14:08, Vasili G. Yanov wrote: > > I have successfully compiled and installed > Sendmail 8.2.19 + Cyrus Imap 2.1.9 + Cyrus SASL 2.1.7. > I store users in sasl2.db. After all I decide store all users in > MySQL, for this I recompile sasl2 with --with-mysql. Now when I try to > authorize I get error: > unable to dlopen /usr/lib/sasl2//libmysql.so: /usr/lib/sasl2//libmysql.so: > Undefined symbol "mysql_connect" > > Your probably using mysql4 in which case that should be a different call. When I get a new version of cyrus somewhere ill patch the code. -- Simon Loader
MySQL problem
I have successfully compiled and installed Sendmail 8.2.19 + Cyrus Imap 2.1.9 + Cyrus SASL 2.1.7. I store users in sasl2.db. After all I decide store all users in MySQL, for this I recompile sasl2 with --with-mysql. Now when I try to authorize I get error: unable to dlopen /usr/lib/sasl2//libmysql.so: /usr/lib/sasl2//libmysql.so: Undefined symbol "mysql_connect" my /usr/lib/Sasl2/Cyrus.conf: pwcheck_method: auxprop auxprop_plugin: mysql mysql_user: imapd mysql_passwd: imap_pass mysql_hostnames:172.16.1.2 mysql_database: mail mysql_statment: select password from acc_user where username='%u' mysql_verbose: true Whats wrong? Thanks in advance.