Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Jun 2009 21:21:51 +0200
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Problem authenticating with sasl in jail
Message-ID:  <4A3A93CF.4050603@locolomo.org>
In-Reply-To: <200906180620.25768.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
References:  <4A38D6FE.8000804@locolomo.org> <200906171443.07165.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <4A39D5C7.8000009@locolomo.org> <200906180620.25768.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Mel Flynn wrote:
> On Wednesday 17 June 2009 21:51:03 Erik Norgaard wrote:
> 
>>>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
>>>> plaintext cyrus@example.com SASL(-13): user not found: checkpass failed
>>>>
> 
> So does the imap server know the domain name? How does it figure it out? Does 
> it know to strip domain names because you configured the unix passwd backend?
> If it uses the domainname command to figure out the domainname, you may have 
> it set on the working server, yet not on the jail.
> Any differences related to domains in /etc/rc.conf and /etc/resolv.conf that 
> might shed some light?

I added the line

defaultdomain: example.com

to imapd.conf, this line is not in my working server configuration, 
however, it does make the realm part go away from the error message, not 
that it solves the problem though:

Jun 18 21:09:57 jail imap[22562]: badlogin: jail.example.com 
[172.16.0.2] plaintext cyrus SASL(-1): generic failure: checkpass failed

Now, adding debug mode to saslautd, I got some extra info in auth.log:

Jun 18 21:13:21 jail saslauthd[21300]: DEBUG: auth_pam: pam_authenticate 
failed: authentication error
Jun 18 21:13:21 jail saslauthd[21300]: do_auth         : auth failure: 
[user=cyrus@example.com] [service=imap] [realm=] [mech=pam] [reason=PAM 
auth error]

I have checked /etc/pam.d in the jail against the host and they are 
identical, also /usr/local/etc/pam.d - both empty. Are there any known 
problems with pam in jails?

> I'm sorry I can't be of more Cyrus specific help.

Thanks for taking your time, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A3A93CF.4050603>