update: Re: cyrus, mysql, is anyone out there?
At 09:48 PM 5/1/2002 -0500, you wrote: Okay, one final try. Is anyone in the world that happens to be on this list using mysql with cyrus? I can't be the only one. If you do exist, and I'm happy to see that you do, I Okay, at some point I realized I'm wasn't getting anywhere, so I abandoned trying to use Cyrus' mysql support to authenticate users directly against a mysql database. Instead, I'm falling back to the pam method via pam_mysql, which seems to have been successful from the responses I've gotten. Unfortunately, I again have a problem. I have the pam solution WORKING for imap authentication, but not for pop3 authentication. Weird, I know. First, let me show you the test connections: Here you can see that imap works: freebsd# telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK freebsd.dpbox.dhs.org Cyrus IMAP4 v2.0.16 server ready a0001 login dom0001 password a0001 OK User logged in May 1 21:57:03 freebsd imapd[5489]: login: localhost[::1] dom0001 plaintext ^] telnet quit Connection closed. But pop3 fails: freebsd# telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK [EMAIL PROTECTED] Cyrus POP3 v2.0.16 server ready user dom0001 +OK Name is a valid mailbox pass password May 1 21:57:39 freebsd pop3d[5491]: login: localhost[::1] dom0001 plaintext -ERR Invalid login ^] telnet quit Connection closed. Well, that's no good. So, I must have configured pam wrong. Now, if anyone here has played with pam they know about the pam-service-guessing game. It's actually quite fun. In this game you get to guess the service name that a program will use; it's not always what you think it will be. So, I initially had a service defined using the service name 'pop'. Well, that's not working, so I created a configuration for 'pop', 'pop3', and 'pop3d', a sample being shown below: pop3d auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 pop3d account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 Now, the imap configuration has the same format and information: imap auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 imap account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 The difference between imap and pop? imap works. Any ideas? Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
Re: update: Re: cyrus, mysql, is anyone out there?
I have the pam solution WORKING for imap authentication, but not for pop3 authentication. Weird, I know. First, let me show you the test connections: you will probably find that pop3 does not allow usernames to start with numbers. Check the source or try a different username. -- Simon
Re: update: Re: cyrus, mysql, is anyone out there?
Quoting Dustin Puryear [EMAIL PROTECTED]: At 09:48 PM 5/1/2002 -0500, you wrote: So, I initially had a service defined using the service name 'pop'. Well, that's not working, so I created a configuration for 'pop', 'pop3', and 'pop3d', a sample being shown below: the service name is just 'pop'. pop3d auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 pop3d account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 Now, the imap configuration has the same format and information: imap auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 imap account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 i'm not very experienced with pam, but i think the service name shouldn't be prepended to the 'auth' and 'account' lines. in fact it should be omited, just write 'auth sufficient pam_mysql.so etc...'. or try to use 'pop' instead of 'pop3d'. regards, lukas -- Ein Schluck aus der Nase ist die Auster des kleinen Mannes
Re: update: Re: cyrus, mysql, is anyone out there?
Here is what I have in my /etc/pam.d/pop file in Redhat 7.2: #%PAM-1.0 auth required /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd accountrequired /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd Also make sure that the cyrus user can read the pam file. Are the permissions the same on both the imap and pop pam files? Dustin Puryear wrote: At 09:48 PM 5/1/2002 -0500, you wrote: Okay, one final try. Is anyone in the world that happens to be on this list using mysql with cyrus? I can't be the only one. If you do exist, and I'm happy to see that you do, I Okay, at some point I realized I'm wasn't getting anywhere, so I abandoned trying to use Cyrus' mysql support to authenticate users directly against a mysql database. Instead, I'm falling back to the pam method via pam_mysql, which seems to have been successful from the responses I've gotten. Unfortunately, I again have a problem. I have the pam solution WORKING for imap authentication, but not for pop3 authentication. Weird, I know. First, let me show you the test connections: Here you can see that imap works: freebsd# telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK freebsd.dpbox.dhs.org Cyrus IMAP4 v2.0.16 server ready a0001 login dom0001 password a0001 OK User logged in May 1 21:57:03 freebsd imapd[5489]: login: localhost[::1] dom0001 plaintext ^] telnet quit Connection closed. But pop3 fails: freebsd# telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK [EMAIL PROTECTED] Cyrus POP3 v2.0.16 server ready user dom0001 +OK Name is a valid mailbox pass password May 1 21:57:39 freebsd pop3d[5491]: login: localhost[::1] dom0001 plaintext -ERR Invalid login ^] telnet quit Connection closed. Well, that's no good. So, I must have configured pam wrong. Now, if anyone here has played with pam they know about the pam-service-guessing game. It's actually quite fun. In this game you get to guess the service name that a program will use; it's not always what you think it will be. So, I initially had a service defined using the service name 'pop'. Well, that's not working, so I created a configuration for 'pop', 'pop3', and 'pop3d', a sample being shown below: pop3d auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 pop3d account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 Now, the imap configuration has the same format and information: imap auth sufficient pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 imap account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 The difference between imap and pop? imap works. Any ideas? Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
Re: update: Re: cyrus, mysql, is anyone out there?
At 08:51 AM 5/3/2002 +0100, simon wrote: I have the pam solution WORKING for imap authentication, but not for pop3 authentication. Weird, I know. First, let me show you the test connections: you will probably find that pop3 does not allow usernames to start with numbers. Check the source or try a different username. The username was dom0001. Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
Re: update: Re: cyrus, mysql, is anyone out there?
At 08:49 AM 5/3/2002 -0300, Patrick Boutilier wrote: #%PAM-1.0 auth required /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd accountrequired /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd Also make sure that the cyrus user can read the pam file. Are the permissions the same on both the imap and pop pam files? This is all being done via /etc/pam.conf. Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
Re: update: Re: cyrus, mysql, is anyone out there?
At 10:14 AM 5/3/2002 +0200, Lukas Geider wrote: Quoting Dustin Puryear [EMAIL PROTECTED]: At 09:48 PM 5/1/2002 -0500, you wrote: So, I initially had a service defined using the service name 'pop'. Well, that's not working, so I created a configuration for 'pop', 'pop3', and 'pop3d', a sample being shown below: the service name is just 'pop'. I created a configuration for pop, pop3, and pop3d. None seem to work. imap account required pam_mysql.so user=mail passwd=secret \ host=localhost db=mail table=accountuser usercolumn=username \ passwdcolumn=password crypt=0 i'm not very experienced with pam, but i think the service name shouldn't be prepended to the 'auth' and 'account' lines. in fact it should be omited, just write 'auth sufficient pam_mysql.so etc...'. or try to use 'pop' instead of 'pop3d'. It appears that under FreeBSD 4.4-RELEASE PAM configuration is done in /etc/pam.conf, rather than via /etc/pam.d/service-name. In pam.conf I have to prepend each configuration line with the service name. It appears to work nicely with imap, but pop fails. I'm using the same configuration with pop as with imap, with the exception that I changed the service imap to pop (or pop3 or pop3d). This is why I feel it should work, but am perplexed that it doesn't. Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
Re: update: Re: cyrus, mysql, is anyone out there?
this is what I have in my pam.conf and it worked fine when I used pam_mysql with cyrus. I now switched to Simon's patch of mysql-auxprop, which also works fine for me: pop auth required /usr/local/lib/pam_mysql.so user=u passwd=p host =h db=us table=t usercolumn=c passwdcolumn=pc crypt=3 pop accountrequired /usr/local/lib/pam_mysql.so user=u passwd=p host=h db=us table=users usercolumn=user passwdcolumn=password crypt=3 pop password required /usr/local/lib/pam_mysql.so user=u passwd=p host=h db=us table=users usercolumn=user passwdcolumn=password crypt=3 you have to use above lines with saslauthd -a pam On Fri, May 03, 2002 at 08:44:39AM -0500, Dustin Puryear wrote: At 08:49 AM 5/3/2002 -0300, Patrick Boutilier wrote: #%PAM-1.0 auth required /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd accountrequired /lib/security/pam_mysql.so user=xxx passwd=xxx db=school table=user usercolumn=userid passwdcolumn=passwd Also make sure that the cyrus user can read the pam file. Are the permissions the same on both the imap and pop pam files? This is all being done via /etc/pam.conf. Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams