pam_mysql and cyrus_sasl
Hello!

I have a running Cyrus 2.1.12, Postfix 2.0.5 and cyrus-sasl.2.1.12. I set up php-webcyradm with database mail. Postfix delivers mail to cyrus without a problem. I cannot get the mail with squirrelmail or sylpheed.

eta:/var/log # sasldblistusers2
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP

eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login cyrus cyruspass
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login karl karlpass
. NO Login failed: authentication failure
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

The corresponding log:

eta saslauthd[983]: pam_sm_authenticate called.
eta saslauthd[983]: dbuser changed.
eta saslauthd[983]: dbpasswd changed.
eta saslauthd[983]: host changed.
eta saslauthd[983]: database changed.
eta saslauthd[983]: table changed.
eta saslauthd[983]: usercolumn changed.
eta saslauthd[983]: passwdcolumn changed.
eta saslauthd[983]: crypt changed.
eta saslauthd[983]: db_connect called.
eta saslauthd[983]: returning 0 .
eta saslauthd[983]: db_checkpasswd called.
eta saslauthd[983]: pam_mysql: where clause =
eta saslauthd[983]: SELECT password FROM accountuser WHERE username='cyrus'
eta saslauthd[983]: sqlLog called.
eta saslauthd[983]: pam_mysql: error: sqllog set but logtable not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logmsgcolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logusercolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but loghostcolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logtimecolumn not set
eta saslauthd[983]: returning 0 .
eta saslauthd[983]: returning 0.
eta saslauthd[982]: pam_sm_authenticate called.
eta saslauthd[982]: dbuser changed.
eta saslauthd[982]: dbpasswd changed.
eta saslauthd[982]: host changed.
eta saslauthd[982]: database changed.
eta saslauthd[982]: table changed.
eta saslauthd[982]: usercolumn changed.
eta saslauthd[982]: passwdcolumn changed.
eta saslauthd[982]: crypt changed.
eta saslauthd[982]: db_connect called.
eta saslauthd[982]: returning 0 .
eta saslauthd[982]: db_checkpasswd called.
eta saslauthd[982]: pam_mysql: where clause =
eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
eta saslauthd[982]: pam_mysql: select returned more than one result
eta saslauthd[982]: returning 7 after db_checkpasswd.
eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]

I made so many tests and roundabouts, I no longer understand what is going on. The users cyrus and karl exist in sasldb2 and also in the database mail (MySQL) with clearpassword.

eta:/var/log # saslpasswd2 -c andreas
Password:
Again (for verification):

eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login cyrus cyruspass
. OK User logged in
. login andreas andreaspass # same as the cyruspass
. BAD Already logged in
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

Why is andreas already logged in? Due to the same passwd as cyrus?

Any help appreciated. Completely clueless.

--
Andreas Meyer
Object Class Common Name userPassword
posixAccount andreas {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc

Re: pam_mysql and cyrus_sasl
Andreas Meyer wrote:

> eta saslauthd[982]: pam_mysql: where clause =
> eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
> eta saslauthd[982]: pam_mysql: select returned more than one result
> eta saslauthd[982]: returning 7 after db_checkpasswd.
> eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]

It looks like you have multiple rows in your accountuser table that have username='karl' (you should probably have a unique index on it anyway), or else accountuser is a view that is matching more than one row. The error message is telling you exactly what the problem is -- when it looks up the username in your mysql table, it is getting more than one row so it doesn't know what to use to validate the login.

--
John A. Tamplin
Unix System Administrator
Emory University, School of Public Health
+1 404/727-9931

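Added example, not part of the original thread: a small Python triage of saslauthd/pam_mysql debug output that splits the log into authentication attempts and flags the conditions seen above (a non-unique lookup, incomplete sqllog settings, AUTHFAIL). The sample log is constructed from the lines quoted in the thread; the function name and finding labels are assumptions of this example.

```python
import re

# Constructed sample, modelled on the saslauthd/pam_mysql lines quoted in the thread.
SAMPLE_LOG = """\
eta saslauthd[983]: pam_sm_authenticate called.
eta saslauthd[983]: SELECT password FROM accountuser WHERE username='cyrus'
eta saslauthd[983]: pam_mysql: error: sqllog set but logtable not set
eta saslauthd[983]: returning 0.
eta saslauthd[982]: pam_sm_authenticate called.
eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
eta saslauthd[982]: pam_mysql: select returned more than one result
eta saslauthd[982]: returning 7 after db_checkpasswd.
eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]
"""

LINE = re.compile(r"^\S+ saslauthd\[(\d+)\]: (.*)$")
SELECT = re.compile(r"SELECT \S+ FROM (\S+) WHERE \S+='([^']*)'")
SQLLOG = re.compile(r"sqllog set but (\w+) not set")

def triage(log_text):
    """Split the log into authentication attempts and list what went wrong in each."""
    attempts, current = [], {}          # current: pid -> attempt still being filled in
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if msg.startswith("pam_sm_authenticate called"):
            # Worker PIDs are reused, so each PAM call starts a fresh record.
            current[pid] = {"pid": pid, "table": None, "user": None, "findings": []}
            attempts.append(current[pid])
            continue
        rec = current.get(pid)
        if rec is None:
            continue                    # line belongs to an attempt we never saw start
        if (s := SELECT.search(msg)):
            rec["table"], rec["user"] = s.groups()
        elif "select returned more than one result" in msg:
            rec["findings"].append("duplicate-rows")       # lookup key is not unique
        elif (q := SQLLOG.search(msg)):
            rec["findings"].append("sqllog-incomplete:" + q.group(1))
        elif msg.startswith("AUTHFAIL:"):
            rec["findings"].append("authfail")
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["pid"], a["table"], a["user"], a["findings"] or ["ok"])
```

A "duplicate-rows" finding names the table and user to check for repeated rows before adding the unique index suggested in the reply.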
Re: pam_mysql and cyrus_sasl
Hello!

On Wed, 12 Mar 2003 15:01:36 -0500, John Alton Tamplin wrote:

> eta saslauthd[982]: pam_mysql: where clause =
> eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
> eta saslauthd[982]: pam_mysql: select returned more than one result
> eta saslauthd[982]: returning 7 after db_checkpasswd.
> eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]
>
> It looks like you have multiple rows in your accountuser table that have username='karl' (you should probably have a unique index on it anyway), or else accountuser is a view that is matching more than one row. The error message is telling you exactly what the problem is -- when it looks up the username in your mysql table, it is getting more than one row so it doesn't know what to use to validate the login.

OK, I installed the database anew according to the docs of php-webcyradm and the problem

pam_mysql: select returned more than one result

is gone. Seems I was reading obsolete documentation. But the problem with squirrelmail or another MUA is still there:

eta imapd[2041]: accepted connection
eta imapd[2041]: badlogin: localhost[127.0.0.1] plaintext andreas SASL(-13): \
 authentication failure: checkpass failed
eta master[968]: process 2041 exited, status 0
eta master[2050]: about to exec /usr/cyrus/bin/imapd
eta imap[2050]: executed
eta imapd[2050]: accepted connection
eta imapd[2050]: badlogin: localhost[127.0.0.1] plaintext karl SASL(-13): \
 authentication failure: checkpass failed

Sigh, don't know what to do. Postfix delivers without a problem.

Return-Path: [EMAIL PROTECTED]
Received: from eta.meyer.home ([unix socket]) by eta.meyer.home (Cyrus v2.1.12) with LMTP; Wed, 12 Mar 2003 23:32:08 +0100
X-Sieve: CMU Sieve 2.2
Received: from lo (localhost [127.0.0.1]) by eta.meyer.home (Postfix 2.0.5 on eta.meyer.home) with ESMTP id 138898825 for [EMAIL PROTECTED]; Wed, 12 Mar 2003 23:31:44 +0100 (CET)
Message-Id: [EMAIL PROTECTED]
Date: Wed, 12 Mar 2003 23:31:45 +0100 (CET)
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;

asdf

Postfix is using the same database in mysql and also is using saslauthd. If I only knew how to track this problem down.

# telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
. login andreas andreaspass
. NO Login failed: authentication failure

What do I not understand here? Is this kind of authentication not using saslauthd? I have this entry in imapd.conf:

sasl_pwcheck_method: saslauthd
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost

eta:/etc # /usr/local/bin/imtest -m login -a andreas localhost
S: * OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS \
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN \
 MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN andreas {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

Postfix clearly has tables to look in for delivery. Hm, this seems to become a Sisyphean task. Problem seems to be with pam although I cannot see where.

--
Andreas Meyer
Object Class Common Name userPassword
posixAccount andreas {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc