[Web-cyradm] Re: Problem with pam_mysql and FQUN
Wim Bakker
support at systux.nl
Sun Apr 6 20:05:09 CEST 2008
Wim Bakker wrote:
> Hai
>
> I have a problem with user authentication
> pam_mysql can't find my users when I try to use
> FQUN.
> The problem seems to be with pam_mysql that does not
> seem to be aware of login realms
> tested with testsaslauthd :
> -testsaslauthd -u username -r domain.tld -p password
> 0: NO "authentication failed"
>
> -testsaslauthd -u username at domain.tld -p password
> 0: OK "Success."
>
> So when I use username=username and realm=domain.tld
> pam_mysql fails and when I do username=username at domain.tld
> and forget abour realm= , pam_mysql goes fine. The problem is
> that saslauthd uses the first form :
> saslauthd[1248]: do_auth : auth failure: [user=username]
> [service=imap] [realm=domain.tld] [mech=pam] [reason=PAM auth error].
>
> So two possible solutions
> either saslauthd should try user=username at domain.tld or pam_mysql
> should honour the realm=domain.tld. How do I have to configure
> cyrus-imap/web-cyradm or pam
> for either one of these solutions.
found it saslauthd should be started with the -t option otherwise
it strips the realm from the login name
without -r :
pam_mysql - SELECT password FROM accountuser WHERE username = 'username'
with -r
pam_mysql - SELECT password FROM accountuser WHERE username =
'username at domain.tld'
thanks
Wim Bakker
More information about the Web-cyradm
mailing list