[Web-cyradm] Issue with POSTFIX pam-mysql authentication
Bryan
bhughes at friendster.com
Thu Apr 22 20:15:08 CEST 2004
I am having a problem with my setup using Cyrus IMAP 2.2.3, SASL 2.1,
POSTFIX 2.0, PAM-MYSQL 0.5. I have the IMAP server up and running,
authenticating people, and receiving mail as well as allowing any mail
client to connect.
My problem is with POSTFIX and authentication. I am using the smtptest
tool to test the same test accounts and am getting an authentication
failed message.
The problem is that for some reason, the authentication via POSTFIX is
not using the pam-mysql tables. I turned on general sql logging for
MYSQL and see all the activity from the IMAP server, but nothing from
POSTFIX.
I followed the How-To by Luc de Louw. Here is my make for POSTFIX (this
is for RedHat AS on an Opteron):
make makefiles 'CCARGS=-DHAS_MYSQL -fPIC \
-I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH \
-I/usr/local/include/sasl -I/usr/include' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/lib64'
==== /etc/pam.d/smtp ====
NOTE: Our passwords in the test system are in plain text.
auth sufficient pam_mysql.so user=cyrus passwd=secret host=localhost
db=mail table=accountuser usercolumn=username passwdcolumn=password
crypt=0 logtable=logmsg logmsgcolumn=logmsg logusercolumn=loguser
loghostcolumn=loghost logpidcolumn=logpid logtimecolumn=logtime
account required pam_mysql.so user=cyrus passwd=secret host=localhost
db=mail table=accountuser usercolumn=username passwdcolumn=password
crypt=0 logtable=logmsg logmsgcolumn=logmsg logusercolumn=loguser
loghostcolumn=loghost logpidcolumn=logpid logtimecolumn=logtime
==== postconf -n ====
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
mail_owner = postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/share/man
mydestination = imap1.hq.friendster.com, localhost.localdomain,
mysql:/etc/postfix/mysql-mydestination.cf
mydomain = imap1.hq.friendster.com
myhostname = imap1.hq.friendster.com
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = imap1.hq.friendster.com
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 450
==== /var/log/maillog ====
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: <
localhost.localdomain[127.0.0.1]: EHLO example.com
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-imap1.hq.friendster.com
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-PIPELINING
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-SIZE 10240000
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-VRFY
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-ETRN
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5
CRAM-MD5
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-AUTH=PLAIN LOGIN GSSAPI DIGEST-MD5
CRAM-MD5
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: match_hostname:
localhost.localdomain ~? 127.0.0.0/8
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: match_hostaddr: 127.0.0.1 ~?
127.0.0.0/8
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250-XVERP
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 250 8BITMIME
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: watchdog_pat: 0x55a658
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: <
localhost.localdomain[127.0.0.1]: AUTH PLAIN
YXNjYWxlMTAwAGJodWdoZXMAcGFzc3dvcmQ=
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: smtpd_sasl_authenticate:
sasl_method PLAIN, init_response YXNjYWxlMTAwAGJodWdoZXMAcGFzc3dvcmQ=
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: smtpd_sasl_authenticate:
decoded initial response ascale100
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: warning: SASL authentication
failure: Password verification failed
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: warning:
localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: >
localhost.localdomain[127.0.0.1]: 535 Error: authentication failed
==== /usr/lib/sasl/smtpd.conf ====
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Again, the problem is that when I run smtptest -u test (which works fine
with imtest), there is NO mysql activity.
Thanks again,
Bryan Hughes
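
Added example, not part of the post above and not code from the Postfix or Cyrus SASL projects: a Python triage of the posted excerpts that compares the mechanisms advertised in the EHLO reply with the mech_list in the posted smtpd.conf and splits the logged AUTH PLAIN response into its RFC 4616 fields. The function names are hypothetical and the sample input is constructed from the post's own log and config lines; reading a mismatch as a sign that the SASL library did not load the posted file is an assumption.

```python
import base64
import re

# Constructed sample: two lines from the post's maillog excerpt, unwrapped.
MAILLOG = """\
Apr 22 10:50:22 imap1 postfix/smtpd[17491]: > localhost.localdomain[127.0.0.1]: 250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
Apr 22 10:50:24 imap1 postfix/smtpd[17491]: < localhost.localdomain[127.0.0.1]: AUTH PLAIN YXNjYWxlMTAwAGJodWdoZXMAcGFzc3dvcmQ=
"""
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"  # from the post


def advertised_mechs(log):
    """Mechanisms the server offered in its EHLO reply ('250-AUTH ...')."""
    m = re.search(r">\s+\S+:\s+250[- ]AUTH ([^\n]+)", log)
    return set(m.group(1).split()) if m else set()


def configured_mechs(conf):
    """Mechanisms permitted by mech_list, or None when the option is absent."""
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "mech_list":
            return set(value.split())
    return None


def decode_plain(log):
    """Split a logged AUTH PLAIN response: [authzid] NUL authcid NUL passwd."""
    m = re.search(r"<\s+\S+:\s+AUTH PLAIN (\S+)", log)
    if not m:
        return None
    parts = base64.b64decode(m.group(1), validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message")
    authzid, authcid, passwd = (p.decode() for p in parts)
    # Report only the password length so the triage output is safe to share.
    return {"authzid": authzid, "authcid": authcid, "passwd_len": len(passwd)}


def triage(log, conf):
    """Mechanisms offered but absent from mech_list, plus the PLAIN identities."""
    allowed = configured_mechs(conf)
    extra = advertised_mechs(log) - allowed if allowed is not None else set()
    return {"not_in_mech_list": sorted(extra), "plain": decode_plain(log)}


if __name__ == "__main__":
    print(triage(MAILLOG, SMTPD_CONF))
```

On the post's data it reports GSSAPI, DIGEST-MD5 and CRAM-MD5 as offered although mech_list permits only PLAIN and LOGIN. It also shows that the verbose smtpd log holds the AUTH PLAIN credentials in recoverable base64, so such logs need the same protection as the password table.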