I am using cyrus-sasl with pam mysql ( on Centos5)
The mysql is on a remote server. After some time I find that there are
too many connections to mysql open ( using netstat)
I restart saslauthd but still these dont away
How do I check what the mysql connection is being used for ? and how do
I av
Am Monday 18 September 2006 19:00 schrieb Sam Smith:
> The saslauthd output when run in debug mode while I login - doesn't show
> any problems:
> saslauthd[2194] :do_auth : auth success: [user=sam]
> [service=imap] [realm=] [mech=pam]
> saslauthd[2194] :do_request : response: OK
Loo
Andreas Winkelmann wrote:
Am Thursday 14 September 2006 18:23 schrieb Sam Smith:
We've been using cyrus faithfully with pam->NIS for years, but I have to
change to pam->LDAP.
I'm using saslauthd -a pam, with a solaris 9 box that authenticates just
fine using pam->ldap to a fedora directory s
Am Thursday 14 September 2006 18:23 schrieb Sam Smith:
> We've been using cyrus faithfully with pam->NIS for years, but I have to
> change to pam->LDAP.
> I'm using saslauthd -a pam, with a solaris 9 box that authenticates just
> fine using pam->ldap to a fedora directory server.
>
> I'm using cyr
We've been using cyrus faithfully with pam->NIS for years, but I have to
change to pam->LDAP.
I'm using saslauthd -a pam, with a solaris 9 box that authenticates just
fine using pam->ldap to a fedora directory server.
I'm using cyrus 2.3.7, and sasl 2.1.22. I did not compile in ldap
support fo
>>> sender: "Simon Matter" date: "Thu, Jun 29, 2006 at 03:13:13PM +0200" << > sql_select: SELECT password FROM popusers WHERE alias='%u' and
> > domain='%r';
> ^^^
> I'm not sure you need this one.
>
> And then, from examples I found on the net I think you need the sasl_
> prefix like
sender: "Phil Pennock" date: "Wed, Jun 28, 2006 at 09:22:12PM +0200"
<<>[..]
>>pwcheck_method: auxprop
>>mech_list: plain login cram-md5 digest-md5
>>sql_engine: mysql
>>sql_database: sys
>>sql_user: someuser
>>sql_passwd: fubar
>>sql_select: SELECT passwor
>>> sender: "Phil Pennock" date: "Wed, Jun 28, 2006 at 09:22:12PM +0200" <<[..]
>pwcheck_method: auxprop
>mech_list: plain login cram-md5 digest-md5
>sql_engine: mysql
>sql_database: sys
>sql_user: someuser
>sql_passwd: fubar
>sql_select: SELECT password FROM users W
On 2006-06-27 at 19:25 +0300, Alexandru E. Ungur wrote:
> I'm having a bit of a hard time doing a migration of cyrus from this:
> anyway, on the old server it is a cyrus+saslauthd+pam+pam_mysql+mysql
> On the new server I got saslauthd working pretty much ok (I think).
Using PAM, you lose those
>>> sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 08:38:02PM +0200" << Hm, I may have been wrong... While it's okay to remove the auxprop lines
> from the config, it has likely not been the cause for the logs. Your
> config really uses pam_mysql, which then fails (I think to get rid of the
> s
sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 07:59:12PM +0200"
<<> Sorry, I can not help you at all with the mysql stuff because I have
>> never
>> used it with cyrus. However, you want to use pam_mysql but your
>> cyrus-imapd tries to use the mysql auxprop plugin as you can see abo
>>> sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 07:59:12PM +0200" << Sorry, I can not help you at all with the mysql stuff because I have never
> used it with cyrus. However, you want to use pam_mysql but your
> cyrus-imapd tries to use the mysql auxprop plugin as you can see above. So
> you
sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 07:13:40PM +0200"
<<> Make that 'cyradm -user cyrus -auth login localhost'
>
> Thank you! :)
> I did that, here's what happened:
>
> FIRST, I used the old pam_mysql 0.4.5 that was on the old server,
> though it might make a differenc
>>> sender: "Simon Matter" date: "Wed, Jun 28, 2006 at 07:13:40PM +0200" << Make that 'cyradm -user cyrus -auth login localhost'
Thank you! :)
I did that, here's what happened:
FIRST, I used the old pam_mysql 0.4.5 that was on the old server,
though it might make a difference. It didn't. ===
sender: "Alexander Dalloz" date: "Tue, Jun 27, 2006 at 08:32:52PM
+0200" <<> Am Di, den 27.06.2006 schrieb Alexandru E. Ungur um 18:25:
> First of all thank you very much for your help, I really appreciate it.
>
>> Do you use virtdomain support with Cyrus-IMAPd? If not, then appending
>>
>>> sender: "Alexander Dalloz" date: "Tue, Jun 27, 2006 at 08:32:52PM +0200"
>>> << Am Di, den 27.06.2006 schrieb Alexandru E. Ungur um 18:25:
First of all thank you very much for your help, I really appreciate it.
> Do you use virtdomain support with Cyrus-IMAPd? If not, then appending
> the rea
Am Di, den 27.06.2006 schrieb Alexandru E. Ungur um 18:25:
> 3. [EMAIL PROTECTED] lib]# testsaslauthd -u cyrus -p PASSWORD -s imap
>0: OK "Success."
>
> So I think I got the sasl+pam+mysql part working (but I could be wrong,
> I'm pretty new to the whole cyrus
So I think I got the sasl+pam+mysql part working (but I could be wrong,
I'm pretty new to the whole cyrus world :D)
Now, my problem is that I cannot for the life of me get cyradm working.
Here is the imapd.conf:
configdirectory: /cyrus/imap
partition-default: /cyrus/spool
defaultacl: lrswipc
elp of the list I have set up cyrus + sasl + pam + mysql. The
only problem I still have is that I can't log in for a user with the
cyradm password.
My cyradm password is set and can be found in the /etc/sasldb2 file.
If you have your users in mysql, you don't need anything in /etc/
Rudy Gevaert schrieb:
My cyradm password is set and can be found in the /etc/sasldb2 file.
If you have your users in mysql, you don't need anything in /etc/sasldb2.
You have to set your admin accounts for cyradm in the mysql db.
Ok: I removed /etc/sasldb2 and added a user cyradm in my mysql db.
Simon Matter wrote:
Hi,
With the help of the list I have set up cyrus + sasl + pam + mysql. The
only problem I still have is that I can't log in for a user with the
cyradm password.
My cyradm password is set and can be found in the /etc/sasldb2 file.
If you have your users in mysql
> Hi,
>
> With the help of the list I have set up cyrus + sasl + pam + mysql. The
> only problem I still have is that I can't log in for a user with the
> cyradm password.
>
> My cyradm password is set and can be found in the /etc/sasldb2 file.
If you have your user
Hi,
With the help of the list I have set up cyrus + sasl + pam + mysql. The
only problem I still have is that I can't log in for a user with the
cyradm password.
My cyradm password is set and can be found in the /etc/sasldb2 file.
How can I further debug this?
Thanks in ad
> Is this true? Because:
>
> An imapd.conf with
>
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sql
> sasl_sql_engine: mysql
> sasl_mech_list: PLAIN
> sasl_sql_hostnames: localhost
> sasl_sql_user: mail
> sasl_sql_passwd: x
> sasl_sql_database: mail
> sasl_sql_verbo
Hello,
I have tried to set up cyrus with passwords in mysql. I only have the
password in crypt format.
I'm using debian sarge, but the cyrus is compiled from source.
I thought I could do this the following way:
1) configure sasl so that it uses pam for authentication
2) configure pam so tha
e there's a LOT of ways
> to do that (auxprop, sasl-ldap, and sasl-pam-ldap).
Hi,
I'm little confused. I don't know about an auxprop ldap plugin, the two
ways I know are saslauthd->ldap and saslauthd->pam->ldap. IIRC you never
put a file into the sasl2 lib folder, only use
ways
to do that (auxprop, sasl-ldap, and sasl-pam-ldap).
All the different ways confuse me, and I want to clarify my options.
Would someone please verify what I THINK is supposed to happen?
1.
--imapd.conf file has NO sasl parameters.
--imapd file in sasl2 folder has one paramter pwcheck_method:pam
Thanks again --will work on that. If I compiled it w/o these options then
why the Cyrus daemon offer: AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Or is that normal behavior?
-Tico
> You need to have an SSL layer established before Cyrus will offer
> PLAIN.
>
> -Rob
>
> On Thu, 16 Jan 2003, Thomas Hanna
Thanks much! (for some reason I thought the only options available were
sasldb or pam for that setting)
However, I still get errors when trying to do PLAIN auth (haven't even
tried setting up SSL yet)
# imtest -u test1 -a test1 -w 1234 -v -m PLAIN 192.168.1.98
S: * OK mail.test Cyrus IMAP4 v2.1.1
Thomas Hannan wrote:
>
> Hi all,
>
> The cliffnotes version of my problem is that even though I run
> /usr/local/sbin/saslauthd -a pam&
> and my /etc/imapd.conf contains "sasl_pwcheck_method: pam"
This should be "sasl_pwcheck_method: saslauthd"
--
Kenneth Murchison Oceana Matrix Ltd.
Sof
You need to have an SSL layer established before Cyrus will offer PLAIN.
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
> Thanks much! (for some reason I thought the only options available were
> sasldb or pam for that setting)
>
> However, I still get errors when trying to do PLAIN auth (haven'
You want to use:
sasl_pwcheck_method: saslauthd
-Rob
On Thu, 16 Jan 2003, Thomas Hannan wrote:
> Hi all,
>
> The cliffnotes version of my problem is that even though I run
> /usr/local/sbin/saslauthd -a pam&
> and my /etc/imapd.conf contains "sasl_pwcheck_method: pam"
> I get an auth failed whe
Hi all,
The cliffnotes version of my problem is that even though I run
/usr/local/sbin/saslauthd -a pam&
and my /etc/imapd.conf contains "sasl_pwcheck_method: pam"
I get an auth failed when trying to login over IMAP or imtest:
$ testsaslauthd -u tico2 -p test1234 -s imap
0: OK "Success."
$ testsa
I wanted to include a solution to the problem that
I submited to this list a week ago.
The problem I had was having the Cyrus server
respond at all after building it with the Cyrus-SASL
software. I want it to work with OpenLDAP and
the pam_ldap module so the users do not have to
be in /etc/pa
t; > make all CFLAGS=-O
> >
> > Hope this helps,
> > Lee
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Tarjei Huse
> > Sent: Friday, November 09, 2001 5:26 PM
> > To: Gardiner Lever
om: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Tarjei Huse
> Sent: Friday, November 09, 2001 5:26 PM
> To: Gardiner Leverett
> Cc: [EMAIL PROTECTED]
> Subject: Re: Solaris 7 and Cyrus 2.0.16/LDAP/SASL/PAM
>
> This lookes like the good old SASL-LDAP problem.
Behalf Of Tarjei Huse
Sent: Friday, November 09, 2001 5:26 PM
To: Gardiner Leverett
Cc: [EMAIL PROTECTED]
Subject: Re: Solaris 7 and Cyrus 2.0.16/LDAP/SASL/PAM
This lookes like the good old SASL-LDAP problem. Have you read the FAQ?
Faq: cyrus-utils.sf.net/faq have a special look at the death by 11
This lookes like the good old SASL-LDAP problem. Have you read the FAQ?
Faq: cyrus-utils.sf.net/faq have a special look at the death by 11 section :)
Hope this helps.
Tarjei
Gardiner Leverett wrote:
>
> I have a rather complicated load I'm trying to do. I've been going
> through the archives
I have a rather complicated load I'm trying to do. I've been going
through the archives without any answers.
I have a server running Solaris 2.7, and I'm trying to build Cyrus 2.0.16
with SASL 1.5.24, OpendLDAP 2.0.18, and pam_ldap 1.33.
I can't even tell if any of this is working as the im
Hey guys,
I'm not sure if this is the appropriate list for this or not. The SASL one
seems to not be very lively, so I don't know if it's gone defunct or what
have you. So, if it is the wrong place, I apologize for the spam.
The problem is just what I said. Actually, I'm runni
Hey Kevin,
Thursday, April 12, 2001, 4:38:03 PM, you wrote:
KMM> Both IP addresses use SASL for authenticatiom and I can use multiple LDAP
KMM> servers and multiple basedns very nicely. Mail is stored in separate
KMM> spools for each IP address and I can have identical uids for multipe
KMM> ad
Hey Kevin,
Thursday, April 12, 2001, 4:38:03 PM, you wrote:
KMM> Both IP addresses use SASL for authenticatiom and I can use multiple LDAP
KMM> servers and multiple basedns very nicely. Mail is stored in separate
KMM> spools for each IP address and I can have identical uids for multipe
KMM> ad
Kevin,
Here at Rutgers, we are looking to do the same thing you are, and are
currently running into the same problems you are facing. Our LDAP servers
run
on Novell NDS, and when we initially had this problem with pam_ldap, we
looked
to use the pam_nds module, which we thought would handle the p
Wilson,
I did not mean to say that Novell designed LDAP. What I meant to say is
Novell
designed NDS to be highly organized.
Sorry for the "incorrect" terminology and anyone I have offended...
-John
Wilson Yeung wrote:
> > multiple contexts in an ldap tree (since Novell designed LDAP to be
h
> Hi,
>
> I'm looking for a good linux howto which guides thru the implementation
> process of:
>
> IMAPD -> SASL -> PAM -> LDAP
>
> I tried with the READMEs / FAQs in every single package but a got an
> error by imapd:
>
> mechanism not implem
Hi,
I'm looking for a good linux howto which guides thru the implementation
process of:
IMAPD -> SASL -> PAM -> LDAP
I tried with the READMEs / FAQs in every single package but a got an
error by imapd:
mechanism not implemented
I think I have a config error in one or more confi
Thanks to all for your help.
I finally downloaded the correct patch, and applied it to sasl.
Everything is working like a charm - 8 cyrus servers running on 1 machine, all
using the -C config option with 8 different config files, all configs pointing
to a different basedn in the ldap tree. It d
From: "John C. Amodeo" <[EMAIL PROTECTED]>
> One other question to add to my previous e-mail. Are you supposed to use
the "Cyrus LDAP
> auth patch" or the "Cyrus SASL 1.5.24 LDAP auth and mysql patch"?
>
Use the LDAP + MySQL patch.
> If you have to use the "Cyrus SASL 1.5.24 LDAP auth and mysql
Sorry,
One other question to add to my previous e-mail. Are you supposed to use the "Cyrus
LDAP
auth patch" or the "Cyrus SASL 1.5.24 LDAP auth and mysql patch"?
If you have to use the "Cyrus SASL 1.5.24 LDAP auth and mysql patch" do you have a
modified version minus the mysql stuff, or is it
On Thu, 12 Apr 2001, John C. Amodeo wrote:
> A quick question...
>
> We downloaded the patches form Openldap.org, but looking at the source, there are no
> provisions to pass ldap_server or ldap_basedn. Am I missing something here? The
> code in the pwcheck_ldap.c suggests that you need to hard
A quick question...
We downloaded the patches form Openldap.org, but looking at the source, there are no
provisions to pass ldap_server or ldap_basedn. Am I missing something here? The
code in the pwcheck_ldap.c suggests that you need to hard-code the ldap information
in, then compile.
We are
Wilson,
I did not mean to say that Novell designed LDAP. What I meant to say is Novell
designed NDS to be highly organized.
Sorry for the "incorrect" terminology and anyone I have offended...
-John
Wilson Yeung wrote:
> > multiple contexts in an ldap tree (since Novell designed LDAP to be hi
Kevin,
Here at Rutgers, we are looking to do the same thing you are, and are
currently running into the same problems you are facing. Our LDAP servers run
on Novell NDS, and when we initially had this problem with pam_ldap, we looked
to use the pam_nds module, which we thought would handle the p
> But with Cyrus, I need to somehow pass information up the stack pertaining
> to the IP address the request came from. In turn, with a pam_ldap module
> that is IP-address aware, I can switch directory trees based on IP-address
> and I think my problem will be solved.
>
> In other words, say I
Hello,
I have been working on a mail server project that will need to potentially
serve many virtual domains. One of the design requirements is that any
consolidation of existing mail servers to this one server be transparent
to the end user (with maybe the exception of a password change). This
ight (I'm a PAM newbie) on why you chose the PAM options as you did.
Again, thanks for your help!!!
--Josh
> -Original Message-
> From: Pascal Pucci [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 10:54 AM
> To: Joshua Penix; [EMAIL PROTECTED]
> Subject:
Seva Adari [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 10:59 AM
> To: Joshua Penix
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cyrus/SASL/PAM/LDAP - what am I missing?
>
>
> The following
d file. But as soon as I tell PAM to reference LDAP, it starts
> choking...
>
> I understand the need for plain/cleartext passwords throughout the system,
> and believe I have everything compiled and set up to talk that way as
> evidenced by the working Cyrus->SASL->PAM->
AP, it starts
> choking...
>
> I understand the need for plain/cleartext passwords throughout the system,
> and believe I have everything compiled and set up to talk that way as
> evidenced by the working Cyrus->SASL->PAM->/etc/passwd route.
>
> But as soon a
> -
> #%PAM-1.0
> auth sufficient /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix_auth.so try_first_pass
> accountsufficient /lib/security/pam_ldap.so
> accountrequired /lib/security/pam_unix_acct.so
> -
try with :
authsufficient
passwords throughout the system,
and believe I have everything compiled and set up to talk that way as
evidenced by the working Cyrus->SASL->PAM->/etc/passwd route.
But as soon as I change my /etc/pam.d/imap file to look like the following:
-
#%PAM-1.0
auth suff
61 matches
Mail list logo
