Re: Postfix 2.1.x + SASL2.1.19 + PAM-MYSQL problems

From: Dominic Ijichi (domijichi.org)
Date: Wed Jul 28 2004 - 10:40:44 CDT


Quoting matthewiu.nl:

> Hi folks,

hi
 
> I've been using sasl1 for quite some time now and it has always done its job
> for me.
> Since some last changes within sasl some things don't seem to act the way it
> used to.

good ol CMU...
 
> I've read on some incompatibilities with postfix 2.x and sasl1.. so hence me
> taking a look into sasl2.
>
> After reading some documentation it pointed out that sasl2 ( auxprop ) sql
> plugin doesn't support crypt lookups.
> So i was wondering if there is any reason why the crypt select is not
> available in sasl2 own sql plugin or just didn't get around to coding it?

there is a patch here to do that:
 http://frost.ath.cx/software/cyrus-sasl-patches/
 
> After this i was back to using pam_mysql again, and i knew this worked for me
> before.
> But unfortunately the config is a bit different than from sasl1 so after
> trying
> some times i figured the config out.. ( still not 100 % completely sure if it's
> ok).
>
> Some weird things struck me, and that is that sasl2 strips off the domain.tld
> if username foo@domain.tld is used.
> Now here comes problem 1 in hand... my backend consists of a mysql db with the
> table mailbox and column username but all usernames are saved as
> user@domain.tld.
> First question is why would Sasl want to do such a thing.

what a good question

they 'broke' the behaviour back in 2.1.14 i think it was, then restored it in
the newly released 2.1.19 with a '-r' switch to saslauthd.

> saslauthd[19655] :do_auth : auth failure: [user=foo] [service=smtp]
> [realm=bar.nl] [mech=pam] [reason=PAM auth error]
> saslauthd[19657] :get_accept_lock : acquired accept lock
> saslauthd[19656] :rel_accept_lock : released accept lock
>
> Though after trying to authenticate on the client side with foobar.nlbar.nl
> i got the following error:
>
> Jul 28 12:23:29 bar postfix/smtpd[19749]: sql_select option missing
> Jul 28 12:23:29 bar postfix/smtpd[19749]: auxpropfunc error no mechanism
> available
> Jul 28 12:23:29 bar saslauthd[19671]: pam_mysql: error: sqllog set but
> logtable not set
> Jul 28 12:23:29 bar saslauthd[19671]: pam_mysql: error: sqllog set but
> logmsgcolumn not set
> Jul 28 12:23:29 bar saslauthd[19671]: pam_mysql: error: sqllog set but
> logusercolumn not set
> Jul 28 12:23:29 bar saslauthd[19671]: pam_mysql: error: sqllog set but
> loghostcolumn not set
> Jul 28 12:23:29 bar saslauthd[19671]: pam_mysql: error: sqllog set but
> logtimecolumn not set
> Jul 28 12:23:29 bar saslauthd[19671]: do_auth : auth failure:
> [user=foobar.nl] [service=smtp] [realm=bar.nl] [mech=pam] [reason=PAM acct
> error]
>
> So first one gives an authentication error and second one comes with an
> account
> error.
>
> Here is my /etc/pam.d/smtp
> =====================
>
> auth sufficient pam_mysql.so host=localhost db=postfix user=postfix
> passwd=xxxx table=mailbox usercolumn=username passwdcolumn=password crypt=1
> auth required pam_mysql.so host=localhost db=postfix user=postfix
> passwd=xxxx table=mailbox usercolumn=username passwdcolumn=password
> crypt=1
>
> /usr/local/lib/sasl2/smtpd.conf:
> =======================
> pwcheck_method: saslauthd

you might need this?
mech_list: plain login

>
> Installed sasl2authd runs with -a pam

saslauthd -r -a pam (as above)

>
> Symlinks:
> =======
>
> 0 lrwxr-xr-x 1 root wheel 20 Jul 28 15:56 sasl
> -> /usr/local/lib/sasl2
> 0 lrwxr-xr-x 1 root wheel 20 Jul 28 11:14 sasl2
> -> /usr/local/lib/sasl2
>
> pam-mysql:
> =========
>
> (#:/usr/lib)- ldd pam_mysql.so
> pam_mysql.so:
> libpam.so.1 => /usr/lib/libpam.so.1 (0x2810c000)
> libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28116000)
> libmysqlclient.so.12 => /usr/local/lib/mysql/libmysqlclient.so.12
> (0x2812f000)
> libz.so.2 => /usr/lib/libz.so.2 (0x28150000)
> libm.so.2 => /usr/lib/libm.so.2 (0x2815e000)
>
>
>
> postfix :
> ======
>
> main.cf
> ======
> virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:1001
> virtual_mailbox_base = /var/virtual
> virtual_mailbox_domains =
> mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps =
> mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

you haven't included your mysql_virtual_mailbox_maps.cf here, so might have
further issues..

hope this helps

dom

------------------------------------------
This message was penned by the hand of Dom
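
The realm handling discussed in this message, as an added example that is not part of the original post or of Cyrus SASL: it parses saslauthd `do_auth` failure lines and shows which login reaches the PAM mechanism without and with `-r`, checked against usernames stored as full addresses. The sample log line, its timestamp, the `STORED_USERNAMES` set and all function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the saslauthd failure quoted in the thread
# (wrapped syslog line joined; the timestamps are made up).
SAMPLE_LOG = (
    "Jul 28 12:20:11 bar saslauthd[19655] :do_auth : auth failure: "
    "[user=foo] [service=smtp] [realm=bar.nl] [mech=pam] "
    "[reason=PAM auth error]\n"
    "Jul 28 12:20:12 bar saslauthd[19657] :get_accept_lock : acquired accept lock\n"
)

# Assumed contents of the mailbox.username column (full addresses, as described).
STORED_USERNAMES = {"foo@bar.nl"}

FAILURE = re.compile(r"saslauthd\[\d+\]\s*:\s*do_auth\s*:\s*auth failure:(.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_failures(log):
    """Return one dict of [key=value] fields per saslauthd auth failure."""
    return [dict(FIELD.findall(m.group(1)))
            for m in map(FAILURE.search, log.splitlines()) if m]


def login_passed_to_mech(user, realm, combine_realm):
    """Login saslauthd hands to the mechanism; combine_realm models -r."""
    if combine_realm and realm:
        return f"{user}@{realm}"
    return user


def diagnose(log, stored):
    """For each failure, report whether the lookup key exists without/with -r."""
    report = []
    for f in parse_failures(log):
        realm = f.get("realm", "")
        plain = login_passed_to_mech(f["user"], realm, False)
        joined = login_passed_to_mech(f["user"], realm, True)
        report.append({"reason": f.get("reason"),
                       "plain": plain, "plain_found": plain in stored,
                       "with_r": joined, "with_r_found": joined in stored})
    return report


if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG, STORED_USERNAMES):
        print(row)
```

A row with `plain_found` false and `with_r_found` true points at the realm split rather than at the password or the PAM stack.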