Bug 219410
| Summary: | auth methods plain and login plus (cram-md5 and digest-md5) borked ? | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | sheridan west <sheridanj.west> |
| Component: | cyrus-sasl | Assignee: | Steve Conklin <sconklin> |
| Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| URL: | http://rpmfind.net//linux/RPM/fedora/6/i386/cyrus-sasl-lib-2.1.22-4.i386.html | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-04 17:02:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
sheridan west
2006-12-12 22:45:34 UTC
I'm not sure I even understand what's going on here. Is this happening with postfix, or cyrus-imapd, or both? Do you have the cyrus-sasl-plain and cyrus-sasl-md5 packages installed? Which SASL mechanism is in use when you're running into failures? If you're using PLAIN or LOGIN, is saslauthd running? If saslauthd is running, is it using its default "pam" mechanism, or has that part of its configuration been changed? If it's using "pam", what are the contents of your /etc/pam.d/smtp, /etc/pam.d/imap, and /etc/pam.d/pop files? For the CRAM-MD5 and DIGEST-MD5 mechanisms, is the service in question able to read the file? What are the errors which are logged? Hi this bug deals with sasl, and not imap (thats bdb and issue http://mail-index.netbsd.org/tech-pkg/2005/01/27/0031.html it appears) saslauthd is running is i can "ok" verify login to a user account using the test sasl program. my /etc/pam.d files are what shipped with fc6, having found them before wrote i've yet to cover any decent info about them or how they might utiltise sasl2 in fc6. I have found my older distro does not need an /etc/pam.d/imap file but sasldblistusers2 command can read my old sasldb2 password file. fc6 imap pamd.d file: auth include system-auth account include system-auth fwiw: pam.d on the working sasl distro uses pam_unix2.so as an account mech If one cannot test login to sasl i also see no point in setting up postfix and cyrus imap assuming that the bdb bug does mean the datastore cant be read - thats another issue. The error logged is 'no auth' in testsaslauth. While having unix accounts for imap would work in fc6, it rather does miss the point (why have sasl) and that would take forever to setup I've googled for this stuff -but im either looking for the wrong stuff, or need to custom compile stuff. I'll add more info as find the the time, fc6 might look pretty but i'd thought i would not have to reinvent the the sasl wheel, or also find that even customlog config statement in apache2 is broken. Examples no cyrus-imap/no postfix pure sasl #/usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd #added below: saslauthd_version: 2 mech_list: plain login cram-md5 digest-md5 #end file #/etc/pam.d/imap #%PAM-1.0 auth include system-auth account include system-auth #end file create user saslpasswd2 -c -f /etc/sasldb2 technical Password: Again (for verification): start/stop saslauth2 [root@localhost ~]# /etc/rc.d/init.d/saslauthd stop Stopping saslauthd: [ OK ] [root@localhost ~]# /etc/rc.d/init.d/saslauthd start Starting saslauthd: [ OK ] [root@localhost ~]# /etc/rc.d/init.d/saslauthd status saslauthd (pid 11181 11180 11179 11178 11172) is running... read file: [root@localhost ~]# sasldblistusers2 technical: userPassword now try sasl login testsaslauthd -u technical -p boy 0: NO "authentication failed" try pam login testsaslauthd -u root -p <password> 0: OK "Success." saslauthd[26299]: do_auth : auth failure: [user=technical] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] Dec 15 18:23:37 localhost saslauthd[26294]: server_exit : master exited: 26294 see http://www.howtoforge.com/forums/archive/index.php/t-8755.html - Never got to postfix setup does not use /etc/sasldb2 but local user account, note no imap setup either Raw sasl2 ? need http://www.clasohm.com/blog/swcat/11876 but where ? auth required pam_env.so auth required pam_mount.so auth sufficient pam_ssh.so use_first_pass auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so session optional pam_console.so session optional pam_mount.so session optional pam_ssh.so testsaslauthd is not looking up /etc/sasldb2 with root root -rw-r--r-- privelidges ok with user /etc/shadow. Ive mostly worked through my issues in fc6 but testsaslauthd is a waste of time with salsdb2 db's. Not a good diagnostic tool for sasl auths is the advice i can give you. Whether that was the cyrus teams intentions i leave in your hands. I leave the matter now. Fedora 6 has reached end of life. If this can be reproduced in a later release, please open a new bug. |