Date: Mon, 26 Feb 2018 16:53:41 -0500
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: freebsd-questions@freebsd.org
Subject: How to configure cyrus-imapd3 to use /etc/passwd
Message-ID: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>

I have installed cyrus-imapd30-3.0.4_3, configured imapd.conf to set
--sasl_pwcheck_method: saslauthd--, and restarted both saslauthd and
imapd.
Saslauthd shows this in ps:
# ps -auxw | grep sasl
root 14592 0.0 0.1 43932 5768 - Is 16:08 0:00.02
/usr/local/sbin/saslauthd -a getpwent
Where -a getpwent indicates that saslauthd should be checking
/etc/passwd for the user.
These are the contents of /var/run/saslauthd:
# ll /var/run/saslauthd/*
srwxrwxrwx 1 root mail 0 Feb 26 16:08 /var/run/saslauthd/mux
-rw------- 1 root mail 0 Feb 26 16:08 /var/run/saslauthd/mux.accept
-rw------- 1 root mail 6 Feb 26 16:08 /var/run/saslauthd/saslauthd.pid
When I attempt to connect to cyradm I get this error:
# sudo -u cyrus cyradm localhost
Password:
[ SSL_connect error -1 ]
[ SSL session removed ]
[ TLS negotiation did not succeed ]
cyradm: cannot authenticate to server with as cyrus
Checking the ssl connection I get this result:
openssl s_client -connect localhost:993
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1519681228
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
This seems, to me, to return success from the standpoint of
establishing an ssl connection.
These entries are found in the indicated files:
#/var/log/maillog
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL unable to canonify user
and get auxprops
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL unable to canonify user
and get auxprops
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify
user and get auxprops]
#/var/log/messages
Feb 26 16:25:29 inet17 CYRUS/imap[29830]: OTP unavailable because
can't read/write key database /etc/opiekeys: Permission denied
# ll /etc/opie*
-rw------- 1 root wheel 438 Jul 20 2017 /etc/opieaccess
-rw------- 1 root wheel 0 Oct 31 14:36 /etc/opiekeys
So my question is: Where and how do I configure cyrus-imapd to
authenticate against /etc/passwd?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
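
As an added example (not part of the original message): a Python triage of the badlogin entries quoted above, which rejoins the mail-wrapped syslog lines and reports, per SASL mechanism, whether the server verifies it from an auxprop secret store or can hand it to saslauthd. The mechanism grouping reflects Cyrus SASL behaviour (saslauthd checks only plaintext passwords, as sent by PLAIN and LOGIN); the function names and the trimmed sample are constructed here.

```python
import re

# Shared-secret mechanisms: the server must read the stored secret through an
# auxprop plugin (for example sasldb); saslauthd cannot verify them.
SHARED_SECRET = {"SCRAM-SHA-1", "SCRAM-SHA-256", "DIGEST-MD5", "CRAM-MD5"}
# Mechanisms that deliver a plaintext password, which saslauthd can check.
PLAINTEXT = {"PLAIN", "LOGIN"}

# Constructed sample: trimmed from the maillog excerpt above, mail wrapping kept.
SAMPLE_LOG = """\
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL unable to canonify user
and get auxprops
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify
user and get auxprops]
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d \S+ ")
BADLOGIN = re.compile(
    r"badlogin: (?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<mech>\S+) \[(?P<reason>.*)\]$")

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (mechanism, verifier, reason) for every badlogin record."""
    findings = []
    for record in unwrap(text):
        m = BADLOGIN.search(record)
        if m:
            mech = m.group("mech").upper()
            verifier = ("auxprop" if mech in SHARED_SECRET else
                        "saslauthd" if mech in PLAINTEXT else "unknown")
            findings.append((mech, verifier, m.group("reason")))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Both failures in the excerpt land in the auxprop group, which matches the "unable to canonify user and get auxprops" text in the log; imapd.conf's sasl_mech_list option controls which mechanisms the server offers.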
