[Web-cyradm] Auth problem
Chris Locke
clocke at stratitec.com
Thu Apr 15 14:27:28 CEST 2004
I am having a problem getting cyrus to let me authenticate. I have
searched the archives and google, I found plenty of people who have had
the problem but no real fix that seems to work for me.
I am running a variant of redhat 9, cyrus, web-cyradm, mysql, postfix. I
have recompiled postfix with mysql support. Here are the errors I get:
------------------------------------------------------------------------------
[root@localhost defiance]# cyradm --user cyrus --server localhost
IMAP Password:
Login failed: generic failure at /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with as cyrus
------------------------------------------------------------------------------
And here are the messages if I try to IMAP with a user I created with
the web interface:
Apr 16 01:07:30 localhost master[4000]: about to exec /usr/lib/cyrus-imapd/imapd
Apr 16 01:07:30 localhost imap[4000]: DBERROR db4: /var/lib/imap/db/__db.001: unable to initialize environment lock: Function not implemented
Apr 16 01:07:30 localhost imap[4000]: DBERROR: dbenv->open '/var/lib/imap/db' failed: Function not implemented
Apr 16 01:07:30 localhost imap[4000]: DBERROR: init() on berkeley
Apr 16 01:07:30 localhost imap[4000]: executed
Apr 16 01:07:30 localhost imap[4000]: accepted connection
Apr 16 01:07:32 localhost imap[4000]: badlogin: [192.168.1.69] plaintext clocke.stratitec.com SASL(-1): generic failure: checkpass failed
______________________________________________________________________________
I have been at this for two days now and can't seem to get around it. I
am using md5 encryption for everything, but if I switch to plain and
change the password in the database I can't even log in to the web
interface. Also, when I try to do my saslpassword, here is what I get:
[root@localhost defiance]# saslpasswd2 -c cyrus
Password:
Again (for verification):
Could not set secret for cyrus
saslpasswd2: requested change was not needed
-------------------------------------------------------------------------------
I am starting to get pretty frustrated with it as I am sure I have made
some idiotic mistake. I started using the how-to by Andrew Koros and
when it didn't work all the way I referred to the one by Luc. They are a
little different so I hope my configs aren't too screwed up. I
appreciate any help you guys can give me because I reaaaaaly don't want
to tell my boss I am giving up on it. But I am pretty close to that
point.
Here are my configs for reference:
/etc/imapd.conf
postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
servername: mail2.stratitec.com
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
unixhierarchysep: yes
autocreatequota: 20000
--------------------------------------------------------------------------
/etc/cyrus.conf
# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  # idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=0
  #imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=0
  #imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  pop3s cmd="pop3d -s" listen="pop3s" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
  #sievelocal cmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # nntp cmd="nntpd" listen="nntp" prefork=3
  # nntps cmd="nntpd -s" listen="nntps" prefork=1
  # at least one LMTP is required for delivery
  # lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=0
  # this is only necessary if using notifications
  # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}
--------------------------------------------------------------------------
/etc/pam.d/imap
#%PAM-1.0
auth required /lib/security/pam_stack.so service=mail-auth
account required /lib/security/pam_stack.so service=mail-auth
--------------------------------------------------------------------------
/etc/pam.d/mail-auth
#%PAM-1.0
auth sufficient /lib/security/pam_mysql.so user=mail passwd=XXXXX host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 sqlLog=0
#auth sufficient /lib/security/pam_unix_auth.so
account required /lib/security/pam_mysql.so user=mail passwd=XXXXX host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 sqlLog=0
#account sufficient /lib/security/pam_unix_auth.so
------------------------------------------------------------------------------
/etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail2.stratitec.com
mydomain = stratitec.com
myorigin = $myhostname
inet_interfaces = localhost
mydestination = $myhostname, localhost.$mydomain
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/postfix/aliases
mailbox_transport = cyrus
fallback_transport = lmtp:unix:public/lmtp
debug_peer_level = 2
debugger_command =
    PATH=/usr/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.11/samples
readme_directory = /usr/share/doc/postfix-2.0.11/README_FILES
alias_database = hash:/etc/postfix/aliases
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
---------------------------------------------------------------------
and here is my /var/www/html/web-cyradm/config/conf.php
<?php
########################################################################################
#
# This is web-cyradm Version 0.5.4 CVS
#
#
#########################################################################################
// Set Default language
$DEFAULTLANG = "en_EN";
# The Cyrus login stuff
$CYRUS = array(
'HOST' => 'localhost',
'PORT' => 143,
'ADMIN' => 'cyrus',
'PASS' => 'XXXXX'
);
/* DB_TYPE
Possible Values are:
o mysql
o pgsql
To operate a mailsystem with postgreSQL you will need a patch for
Postfix.
Other Databases need to be supported by PAM and postfix
*/
$DB = array(
'TYPE' => 'mysql',
'USER' => 'mail',
'PASS' => 'XXXXX',
'PROTO' => 'tcp', // set to "tcp" for TCP/IP
'HOST' => 'localhost',
'NAME' => 'mail'
);
$DB['DSN'] = sprintf('%s://%s:%s@%s+%s/%s', $DB['TYPE'],
$DB['USER'],
$DB['PASS'],
$DB['PROTO'],
$DB['HOST'],
$DB['NAME']);
# Where should web-cyradm write its log to?
$LOG_DIR = "/var/log/web-cyradm/";
# The default timeout in seconds for a session, after that you have to login again
$SESS_TIMEOUT = 1000;
# The default quota sets the default quota for new domains
$DEFAULT_QUOTA = 20000;
# Defines if passwords are encrypted or not.
# Valid Values:
# - plain 0 No encryption is used
# - crypt 1 (shadow compatible encryption)
# - mysql 2 (MySQL PASSWORD function)
# - md5 3 (MD5 digest)
$CRYPT = "md5";
# web-cyradm is compatible with cyrus-imapd-2.0.16 (and earlier?)
# however, if you are using 2.1.x and wish to use email addresses
# with .'s in them such as 'john.doe@mydomain.com' you can set this
# option DOMAIN_AS_PREFIX to '1'. NOTE: you also have to add this
# line to your imapd.conf file:
#### imapd.conf: ####
# unixhierarchysep: yes
####
$DOMAIN_AS_PREFIX = 1;
# At the moment, web-cyradm supports two methods of password change:
# - through sql
# - poppassd
# sql is the default
$PASSWORD_CHANGE_METHOD = "sql";
# Turn up error reporting level. This overrides settings in your php.ini
#
# E_ALL - All errors and warnings
# E_ERROR - fatal run-time errors
# E_WARNING - run-time warnings (non-fatal errors)
# E_PARSE - compile-time parse errors
# E_NOTICE - run-time notices (these are warnings which often result
# from a bug in your code, but it's possible that it was
# intentional (e.g., using an uninitialized variable and
# relying on the fact it's automatically initialized to an
# empty string)
# E_CORE_ERROR - fatal errors that occur during PHP's initial startup
# E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
# initial startup
# E_COMPILE_ERROR - fatal compile-time errors
# E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
# E_USER_ERROR - user-generated error message
# E_USER_WARNING - user-generated warning message
# E_USER_NOTICE - user-generated notice message
error_reporting(E_ERROR);
$VERSION="0.5.4";
# Define reserved email addresses (separated by comma):
$RESERVED="postmaster,root";
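
Two of the files above each name a password scheme: the `crypt=` option on the pam_mysql lines in /etc/pam.d/mail-auth and `$CRYPT` in web-cyradm's conf.php. The following consistency check is an added example, not part of the original post or of web-cyradm; it uses the value table from the conf.php comment and assumes pam_mysql numbers its `crypt=` values the same way. The inline sample text is constructed from the posted configs.

```python
import re

# Scheme table taken from the comment block in the posted conf.php.
SCHEMES = {"0": "plain", "1": "crypt", "2": "mysql", "3": "md5"}

# Constructed sample input: trimmed copies of the two files from the post.
PAM_MAIL_AUTH = """\
#%PAM-1.0
auth sufficient /lib/security/pam_mysql.so user=mail passwd=XXXXX host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 sqlLog=0
#auth sufficient /lib/security/pam_unix_auth.so
account required /lib/security/pam_mysql.so user=mail passwd=XXXXX host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 sqlLog=0
"""
CONF_PHP = """\
# - md5 3 (MD5 digest)
$CRYPT = "md5";
"""


def normalise(value):
    """Map a numeric or named scheme to its lower-case name."""
    value = value.strip().lower()
    return SCHEMES.get(value, value)


def pam_schemes(pam_text):
    """Return {(pam_type, line_no): scheme} for each active pam_mysql line."""
    found = {}
    for lineno, line in enumerate(pam_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or commented-out line
        if not any("pam_mysql.so" in f for f in fields):
            continue
        opts = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
        # Assumption: a missing crypt= option means plain-text comparison.
        found[(fields[0], lineno)] = normalise(opts.get("crypt", "0"))
    return found


def webcyradm_scheme(php_text):
    """Return the scheme named by $CRYPT, or None if it is not set."""
    m = re.search(r'^\s*\$CRYPT\s*=\s*["\']?(\w+)["\']?\s*;', php_text, re.M)
    return normalise(m.group(1)) if m else None


def mismatches(pam_text, php_text):
    """List pam_mysql lines whose scheme differs from what web-cyradm writes."""
    want = webcyradm_scheme(php_text)
    return [(k, got, want) for k, got in pam_schemes(pam_text).items() if got != want]
```

Calling `mismatches(PAM_MAIL_AUTH, CONF_PHP)` lists every active pam_mysql line that verifies passwords with a different scheme from the one web-cyradm stores them in.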