pam_mysql and cyrus_sasl

2003-03-12 Thread Andreas Meyer
Hello!

I have a running Cyrus 2.1.12, Postfix 2.0.5 and cyrus-sasl.2.1.12.
I set up php-webcyradm with database mail. postfix delivers mail to
cyrus without a problem. I cannot get the mail with squirrelmail or
sylpheed.

eta:/var/log # sasldblistusers2
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP

eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login cyrus cyruspass
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login karl karlpass
. NO Login failed: authentication failure
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

The corresponding log:

eta saslauthd[983]: pam_sm_authenticate called.
eta saslauthd[983]: dbuser changed.
eta saslauthd[983]: dbpasswd changed.
eta saslauthd[983]: host changed.
eta saslauthd[983]: database changed.
eta saslauthd[983]: table changed.
eta saslauthd[983]: usercolumn changed.
eta saslauthd[983]: passwdcolumn changed.
eta saslauthd[983]: crypt changed.
eta saslauthd[983]: db_connect  called.
eta saslauthd[983]: returning 0 .
eta saslauthd[983]: db_checkpasswd called.
eta saslauthd[983]: pam_mysql: where clause =
eta saslauthd[983]: SELECT password FROM accountuser WHERE username='cyrus'
eta saslauthd[983]: sqlLog called.
eta saslauthd[983]: pam_mysql: error: sqllog set but logtable not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logmsgcolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logusercolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but loghostcolumn not set
eta saslauthd[983]: pam_mysql: error: sqllog set but logtimecolumn not set
eta saslauthd[983]: returning 0 .
eta saslauthd[983]: returning 0.
eta saslauthd[982]: pam_sm_authenticate called.
eta saslauthd[982]: dbuser changed.
eta saslauthd[982]: dbpasswd changed.
eta saslauthd[982]: host changed.
eta saslauthd[982]: database changed.
eta saslauthd[982]: table changed.
eta saslauthd[982]: usercolumn changed.
eta saslauthd[982]: passwdcolumn changed.
eta saslauthd[982]: crypt changed.
eta saslauthd[982]: db_connect  called.
eta saslauthd[982]: returning 0 .
eta saslauthd[982]: db_checkpasswd called.
eta saslauthd[982]: pam_mysql: where clause =
eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
eta saslauthd[982]: pam_mysql: select returned more than one result
eta saslauthd[982]: returning 7 after db_checkpasswd.
eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error] 

I made so many tests and roundabouts, I no longer understand what
is going on. The users cyrus and karl exist in sasldb2 and also in the
database mail (MySQL) with clearpassword.


eta:/var/log # saslpasswd2 -c andreas
Password:
Again (for verification):
eta:/var/log # telnet localhost 143
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK localhost Cyrus IMAP4 v2.1.12 server ready
. login cyrus cyruspass
. OK User logged in
. login andreas andreaspass # same as the cyruspass
. BAD Already logged in
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.

Why is andreas already logged in? Due to the same passwd as cyrus?

Any help appreciated. Completely clueless.

-- 

  Andreas Meyer

Object Class   Common Name   userPassword
posixAccount   andreas   {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc


Re: pam_mysql and cyrus_sasl

2003-03-12 Thread John Alton Tamplin
Andreas Meyer wrote:

> eta saslauthd[982]: pam_mysql: where clause =
> eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
> eta saslauthd[982]: pam_mysql: select returned more than one result
> eta saslauthd[982]: returning 7 after db_checkpasswd.
> eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]

It looks like you have multiple rows in your accountuser table that have 
username='karl' (you should probably have a unique index on it anyway), 
or else accountuser is a view that is matching more than one row.  The 
error message is telling you exactly what the problem is -- when it 
looks up the username in your mysql table, it is getting more than one 
row so it doesn't know what to use to validate the login.

--
John A. Tamplin   Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
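
Added example (not part of the original thread and not pam_mysql's own code): a small model of the failure diagnosed above, showing how duplicate usernames make the one-row lookup fail and how a unique index prevents it. The table and column names come from the logged query; the rows, the index name uniq_username and the helper functions are constructed for illustration, and SQLite stands in for MySQL so the example runs offline.

```python
import hmac
import sqlite3

# Constructed sample rows; table/column names are taken from the logged query
# "SELECT password FROM accountuser WHERE username='karl'".
ROWS = [("cyrus", "cyruspass"), ("karl", "karlpass"), ("karl", "oldpass")]

def make_db(rows):
    """Build an in-memory stand-in for the accountuser table (assumption: SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accountuser (username TEXT, password TEXT)")
    db.executemany("INSERT INTO accountuser VALUES (?, ?)", rows)
    return db

def check_password(db, user, password):
    """Simplified model of the logged lookup: exactly one row must match, else fail."""
    found = db.execute(
        "SELECT password FROM accountuser WHERE username = ?", (user,)
    ).fetchall()
    if len(found) != 1:  # no such user, or "select returned more than one result"
        return False
    return hmac.compare_digest(found[0][0], password)

def duplicate_usernames(db):
    """List usernames that appear in more than one row, with their row counts."""
    return db.execute(
        "SELECT username, COUNT(*) FROM accountuser "
        "GROUP BY username HAVING COUNT(*) > 1 ORDER BY username"
    ).fetchall()

def enforce_unique(db):
    """Add the unique index; raises sqlite3.IntegrityError while duplicates remain."""
    db.execute("CREATE UNIQUE INDEX uniq_username ON accountuser (username)")

if __name__ == "__main__":
    db = make_db(ROWS)
    print("duplicates:", duplicate_usernames(db))
    print("karl login with duplicates:", check_password(db, "karl", "karlpass"))
    # Remove the stale row (constructed), then lock the column down.
    db.execute("DELETE FROM accountuser WHERE username='karl' AND password='oldpass'")
    enforce_unique(db)
    print("karl login after cleanup:", check_password(db, "karl", "karlpass"))
```

On MySQL itself the same duplicate check is the GROUP BY ... HAVING COUNT(*) > 1 query, run before adding a unique index on username.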




Re: pam_mysql and cyrus_sasl

2003-03-12 Thread Andreas Meyer
Hello!

On Wed, 12 Mar 2003 15:01:36 -0500, John Alton Tamplin wrote:

>> eta saslauthd[982]: pam_mysql: where clause =
>> eta saslauthd[982]: SELECT password FROM accountuser WHERE username='karl'
>> eta saslauthd[982]: pam_mysql: select returned more than one result
>> eta saslauthd[982]: returning 7 after db_checkpasswd.
>> eta saslauthd[982]: AUTHFAIL: user=karl service=imap realm= [PAM auth error]
>
> It looks like you have multiple rows in your accountuser table that have
> username='karl' (you should probably have a unique index on it anyway),
> or else accountuser is a view that is matching more than one row.  The
> error message is telling you exactly what the problem is -- when it
> looks up the username in your mysql table, it is getting more than one
> row so it doesn't know what to use to validate the login.

OK, I installed the database anew according to the docs of php-webcyradm,
and the problem "pam_mysql: select returned more than one result" is gone.
Seems I was reading obsolete documentation.

But the problem with squirrelmail or another MUA is still there:
eta imapd[2041]: accepted connection
eta imapd[2041]: badlogin: localhost[127.0.0.1] plaintext andreas SASL(-13): \
 authentication failure: checkpass failed
eta master[968]: process 2041 exited, status 0
eta master[2050]: about to exec /usr/cyrus/bin/imapd
eta imap[2050]: executed
eta imapd[2050]: accepted connection
eta imapd[2050]: badlogin: localhost[127.0.0.1] plaintext karl SASL(-13): \
 authentication failure: checkpass failed

sigh, don't know what to do. Postfix delivers without a problem.

Return-Path: [EMAIL PROTECTED]
Received: from eta.meyer.home ([unix socket])
by eta.meyer.home (Cyrus v2.1.12) with LMTP; Wed, 12 Mar 2003 23:32:08 +0100
X-Sieve: CMU Sieve 2.2
Received: from lo (localhost [127.0.0.1])
by eta.meyer.home (Postfix 2.0.5 on eta.meyer.home) with ESMTP id 138898825
for [EMAIL PROTECTED]; Wed, 12 Mar 2003 23:31:44 +0100 (CET)
Message-Id: [EMAIL PROTECTED]
Date: Wed, 12 Mar 2003 23:31:45 +0100 (CET)
From: [EMAIL PROTECTED]
To: undisclosed-recipients:;
 
asdf

Postfix is using the same database in mysql and also is using saslauthd. 
If I only knew how to track this problem down.

# telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
. login andreas andreaspass
. NO Login failed: authentication failure

What do I not understand here? Is this kind of authentication
not using saslauthd? I have this entry in imapd.conf:
sasl_pwcheck_method: saslauthd
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost


eta:/etc # /usr/local/bin/imtest -m login -a andreas localhost
S: * OK eta.meyer.home Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS \
 NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN \
 MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN andreas {8}
S: + go ahead
C: omitted
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

Postfix clearly has tables to look in for delivery.
Hm, this seems to be turning into Sisyphean work. The problem seems to be
with pam, although I cannot see where.


-- 

  Andreas Meyer

Object Class   Common Name   userPassword
posixAccount   andreas   {SSHA}hpyqObx1/BXbKFgXoqCayoGsvIgPYiVc