Description of problem: latest pam update breaks sasl/cyrus authentication and downgrading to previous versions restores authentication. Nov 14 14:16:27 zappa imap[5542]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no authentication Nov 14 14:16:29 zappa imap[4390]: SASL Password verification failed Nov 14 14:16:29 zappa imap[4390]: badlogin: [192.168.1.22] PLAIN [SASL(-13): authentication failure: Password verification failed] Nov 14 14:16:29 zappa imap[5542]: SASL Password verification failed Nov 14 14:16:29 zappa imap[5542]: badlogin: [192.168.1.22] PLAIN [SASL(-13): authentication failure: Password verification failed] Nov 14 14:16:36 zappa imap[5542]: badlogin: [192.168.1.22] LOGIN [SASL(-13): authentication failure: checkpass failed] Nov 14 14:16:36 zappa imap[4390]: badlogin: [192.168.1.22] LOGIN [SASL(-13): authentication failure: checkpass failed] 2018-11-14T17:01:14Z INFO Upgrade: pam-1.3.1-6.fc30.x86_64 2018-11-14T17:01:17Z INFO Upgrade: pam-1.3.1-6.fc30.x86_64 2018-11-14T17:06:27Z INFO Upgraded: pam-1.3.1-4.fc30.x86_64 2018-11-14T17:06:27Z INFO Upgraded: pam-1.3.1-4.fc30.x86_64 2018-11-14T19:13:59Z INFO Downgrade: pam-1.3.1-3.fc29.x86_64 2018-11-14T19:14:01Z INFO warning: /etc/pam.d/fingerprint-auth created as /etc/pam.d/fingerprint-auth.rpmnew warning: /etc/pam.d/password-auth created as /etc/pam.d/password-auth.rpmnew warning: /etc/pam.d/postlogin created as /etc/pam.d/postlogin.rpmnew warning: /etc/pam.d/smartcard-auth created as /etc/pam.d/smartcard-auth.rpmnew warning: /etc/pam.d/system-auth created as /etc/pam.d/system-auth.rpmnew 2018-11-14T19:14:01Z INFO Downgrade: pam-1.3.1-3.fc29.x86_64 2018-11-14T19:14:01Z INFO Downgraded: pam-1.3.1-6.fc30.x86_64 2018-11-14T19:14:01Z INFO Downgraded: pam-1.3.1-6.fc30.x86_64 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Just a simple question, before I start into debugging this: Did you restart `saslauthd` *after* upgrading pam to the latest revision? *** Could you please give me some more logs about pam?
I've just tested authenticating a local user for imap using cyrus-imapd, pam-1.3.1-7.fc30.x86_64, and libxcrypt-4.3.4-1.fc30.x86_64 without problems: $testsaslauthd -u besser82 -p $passwd -s imap 0: OK "Success." Can you please test again with those packages and/or give me any further instructions how to reproduce this issue on my machine?
I'm trying to reproduce this issue and I'm no longer able to. I did restart cyrus-imapd and downgrade pam but I see there was also an openssl package update so perhaps I needed to only restart cyrus-imapd and I restarted the service while I downgraded pam ... this appears to have solved the problem because I've updated pam to the same version as when it was failing and now it's no longer failing. I'm closing this BZ. Sorry for the noise.
Allrighty, never mind!