Re: New 2.4.10 install - authentication problems with saslauthd

2011-08-06 Thread John
On 05/08/11 22:32, Dan White wrote:
> Does your cyrus user have permissions to access the saslauthd mux?
>
> Try running your testsaslauthd command as your cyrus user... I'm assuming
> that during testing you were using root, or another account.

Aha! Thank you so much. I had checked the permissions on
/var/run/saslauthd/mux and they were 777 and also the directory
/var/run/saslauthd which had 766. I assumed that these were
sufficient but I just changed the directory also to 777 and all works well.

However I am not sure 777 is the right way to sort the problem. I've
looked in the sasl documentation and can find nothing at all regarding
the entitlements of /var/run/saslauthd. Is there any guidance on how the
entitlement should be given? I would have expected to need some kind of
group entitlement to be given to sasl users? Or is 777 ok?

At least it's now working so I appreciate your help with that.

> Be aware that your password here is uuencoded and can be trivially
> reversed.

Thanks for that info, I wasn't aware of that. It doesn't matter anyway, 
these are just test systems not connected to the outside world and that 
will be trashed when I'm finished.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/


Re: New 2.4.10 install - authentication problems with saslauthd

2011-08-06 Thread Dan White
On 06/08/11 11:44 +0100, John wrote:
> On 05/08/11 22:32, Dan White wrote:
>> Does your cyrus user have permissions to access the saslauthd mux?
>>
>> Try running your testsaslauthd command as your cyrus user... I'm assuming
>> that during testing you were using root, or another account.
>
> Aha! Thank you so much. I had checked the permissions on
> /var/run/saslauthd/mux and they were 777 and also the directory
> /var/run/saslauthd which had 766. I assumed that these were
> sufficient but I just changed the directory also to 777 and all works
> well.
>
> However I am not sure 777 is the right way to sort the problem. I've
> looked in the sasl documentation and can find nothing at all
> regarding the entitlements of /var/run/saslauthd. Is there any
> guidance on how the entitlement should be given? I would have
> expected to need some kind of group entitlement to be given to sasl
> users? Or is 777 ok?
>
> At least it's now working so I appreciate your help with that.

A common approach is to have 777 on your mux, and then 710 on your
/var/run/saslauthd, with ownership of 'root:sasl'. Add any users who need
access to the saslauthd mux to the sasl group.

-- 
Dan White
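
The 710 root:sasl layout suggested above can be audited with a short script. This is an added example, not part of the original message or of Cyrus SASL; the function name `audit_saslauthd_dir` is hypothetical and GNU `stat -c` on Linux is assumed. It also shows why the 766 directory from earlier in the thread blocked access: reaching the mux needs the search (x) bit on the directory, not just read and write.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`.
# Usage: audit_saslauthd_dir /var/run/saslauthd root sasl

# audit_saslauthd_dir DIR OWNER GROUP
# Prints one finding per line. Returns 0 when DIR is OWNER:GROUP, group
# members can reach DIR/mux and nobody else can; 1 on any finding; 2 if
# DIR cannot be inspected.
audit_saslauthd_dir() {
    dir=$1; want_owner=$2; want_group=$3; rc=0
    info=$(stat -c '%a %U %G' "$dir") || return 2
    set -- $info
    mode=$1; owner=$2; group=$3
    bits=$((0$mode))    # leading 0: read the mode string as octal

    if [ "$owner:$group" != "$want_owner:$want_group" ]; then
        echo "FAIL: $dir is $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi
    # On a directory, r only lists names; x (search) is what allows opening
    # a name inside it. Mode 766 gives group and other rw- but no x, so a
    # 777 mux underneath is still unreachable for everyone but the owner.
    if [ $((bits & 010)) -eq 0 ]; then
        echo "FAIL: $dir mode $mode: group lacks x, members cannot reach mux"
        rc=1
    fi
    # Any bit for 'other' means access is not restricted to the group.
    if [ $((bits & 007)) -ne 0 ]; then
        echo "WARN: $dir mode $mode: open to users outside $want_group"
        rc=1
    fi
    # On Linux, connecting to a Unix socket requires write permission on it.
    mux_mode=$(stat -c '%a' "$dir/mux" 2>/dev/null) || mux_mode=
    if [ -z "$mux_mode" ]; then
        echo "FAIL: $dir/mux not found or not readable by this user"
        rc=1
    elif [ $((0$mux_mode & 020)) -eq 0 ]; then
        echo "FAIL: $dir/mux mode $mux_mode: group cannot write to the socket"
        rc=1
    fi
    return $rc
}
```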



Re: New 2.4.10 install - authentication problems with saslauthd

2011-08-05 Thread Dan White
On 05/08/11 22:10 +0100, John wrote:
> I have a server, currently running 2.4.7 and all is well (and has been
> for a very long time). I am trying to build a new server with 2.4.10 but
> I can't get anything to authenticate on it.
>
> configdirectory: /srv/mail/cyrus
> partition-default: /srv/mail/cyrus/mail
> admins: cyrus
> sasl_pwcheck_method: saslauthd
> sasl_saslauthd_path: /var/run/saslauthd/mux
> allowplaintext: yes
> altnamespace: yes
> unixhierarchysep: yes
> virtdomains: userid
> defaultdomain: mydomain.com
> hashimapspool: true
>
> Firstly, saslauthd is running to use PAM for authentication and on both
> boxes I have tested this works using testsaslauthd getting identical
> results on both cases. (In both cases the test was testsaslauthd -u
> cyrus -p cyruspw -f /var/run/saslauthd/mux and the result was 0: OK
> Success.)
>
> Both boxes have the same sasl package, installed from the ArchLinux
> repository:
> # saslauthd -v
> saslauthd 2.1.23
> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>
> If I put sasl_mech_list: PLAIN into imapd.conf and retry imtest -a
> cyrus on the 2.4.10 box I do get a password prompt but it still errors:
>
> The log then shows:
> Aug  5 21:46:10 localhost imap[491]: badlogin: localhost.localdomain
> [::1] PLAIN [SASL(-1): generic failure: Password verification failed]

Try running your saslauthd daemon in debug mode and see if it is getting
contacted at all by cyrus imap.

Does your cyrus user have permissions to access the saslauthd mux?

Try running your testsaslauthd command as your cyrus user... I'm assuming
that during testing you were using root, or another account.

> # imtest -a cyrus -m PLAIN 10.0.200.6
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=OTP
> AUTH=CRAM-MD5 AUTH=GSSAPI AUTH=LOGIN AUTH=DIGEST-MD5 SASL-IR] carbon
> Cyrus IMAP v2.4.7 server ready
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN AGN5cnVzAGd1aW5uZXNz

Be aware that your password here is uuencoded and can be trivially
reversed.

-- 
Dan White
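
The point about the AUTHENTICATE PLAIN line can be made concrete: the argument is the base64 form of `authzid NUL authcid NUL passwd` (RFC 4616), so it should be scrubbed from a transcript before it is posted. This is an added example, not part of the original message; the function names and the sample credential are constructed, and GNU `base64 -d` and `sed -E` are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `base64 -d` and `sed -E`
# (GNU coreutils and sed).

# Constructed sample: SASL PLAIN response for user "alice", password
# "example-pw", empty authzid. Not taken from the transcript above.
SAMPLE_B64=$(printf '\000alice\000example-pw' | base64)

# plain_identity B64
# Decode a SASL PLAIN response (RFC 4616: authzid NUL authcid NUL passwd).
# No key is involved, so decoding is all it takes to read the fields.
# Prints the identities and the password length only.
plain_identity() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | {
        IFS= read -r authzid
        IFS= read -r authcid
        IFS= read -r passwd || true   # last field has no trailing newline
        echo "authzid=$authzid authcid=$authcid passwd_len=${#passwd}"
    }
}

# redact_sasl_plain: filter stdin to stdout, replacing the response after
# AUTHENTICATE PLAIN so a transcript can be posted without the credential.
redact_sasl_plain() {
    sed -E 's#(AUTHENTICATE[[:space:]]+PLAIN[[:space:]]+)[A-Za-z0-9+/]+=*#\1[REDACTED]#'
}
```

Typical use is `imtest ... 2>&1 | redact_sasl_plain` before pasting the session into a list post or ticket.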



problems with saslauthd

2004-04-15 Thread Felix Cuello
I don't know if this is the correct list for this question. Please
forgive me if it is not the correct list and let me know where I can post
the problem.

--
I'm trying to use Cyrus with sasl + ldap authentication.

I get this error:

# cyradm --user cyrus localhost
IMAP Password: 
  Login failed: authentication failure at
/usr/lib/perl5/Cyrus/IMAP/Admin.pm line 126
cyradm: cannot authenticate to server as user cyrus

and...

# sasltestsuite
Checking plaintext passwords... Failed with: sasl_checkpass() failed on
simple case

-

The questions are:

1. How can I check that cyrus is accessing sasl?
2. How can I check that sasl is accessing ldap?

I paste my [/usr/local/etc/saslauthd.conf]:
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=sasl.sinclair,ou=applications,dc=domain,dc=com
ldap_bind_pw: sasl
ldap_search_base: ou=people,dc=domain,dc=com
ldap_timeout: 10
ldap_time_limit: 10
ldap_restart: yes

-

I appreciate your help,

thanks in advance,

Felix


-- 
Felix Cuello
[EMAIL PROTECTED]
- 436 -

Man! Have confidence, for the race of mortals is of divine origin.
-- Golden Verses. Collection of sayings of the disciples
of Pythagoras.

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html