From: "James B. Byrne"
Reply-To: byrnejb@harte-lyne.ca
To: freebsd-questions@freebsd.org
Date: Mon, 26 Feb 2018 16:53:41 -0500
Subject: How to configure cyrus-imapd3 to use /etc/passwd
Message-ID: <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>

I have installed cyrus-imapd30-3.0.4_3, configured imapd.conf to set
--sasl_pwcheck_method: saslauthd--, and restarted both saslauthd and
imapd.

Saslauthd shows this in ps:

    # ps -auxw | grep sasl
    root 14592 0.0 0.1 43932 5768 - Is 16:08 0:00.02 /usr/local/sbin/saslauthd -a getpwent

Where -a getpwent indicates that saslauth should be checking
/etc/passwd for the user.

These are the contents of /var/run/saslauthd:

    # ll /var/run/saslauthd/*
    srwxrwxrwx 1 root mail 0 Feb 26 16:08 /var/run/saslauthd/mux
    -rw------- 1 root mail 0 Feb 26 16:08 /var/run/saslauthd/mux.accept
    -rw------- 1 root mail 6 Feb 26 16:08 /var/run/saslauthd/saslauthd.pid

When I attempt to connect to cyradm I get this error:

    # sudo -u cyrus cyradm localhost
    Password:
    [ SSL_connect error -1 ]
    [ SSL session removed ]
    [ TLS negotiation did not succeed ]
    cyradm: cannot authenticate to server with as cyrus

Checking the ssl connection I get this result:

    openssl s_client -connect localhost:993
    CONNECTED(00000003)
    write:errno=54
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 307 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1519681228
        Timeout : 300 (sec)
        Verify return code: 0 (ok)
    ---

This seems, to me, to return success from the standpoint of
establishing an ssl connection.

These entries are found in the indicated files:

    #/var/log/maillog
    Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
    Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
    Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL unable to canonify user and get auxprops
    Feb 26 16:25:40 inet17 CYRUS/imap[29830]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
    Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
    Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
    Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL unable to canonify user and get auxprops
    Feb 26 16:25:43 inet17 CYRUS/imap[29830]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]

    #/var/log/messages
    Feb 26 16:25:29 inet17 CYRUS/imap[29830]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied

    # ll /etc/opie*
    -rw------- 1 root wheel 438 Jul 20 2017 /etc/opieaccess
    -rw------- 1 root wheel 0 Oct 31 14:36 /etc/opiekeys

So my question is: Where and how do I configure cyrus-imapd to
authenticate against /etc/passwd?

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3C3
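
Added example (not part of the original post and not Cyrus project code): a triage of the badlogin lines quoted above that tags each attempted SASL mechanism by the credential backend Cyrus SASL uses for it, either the pwcheck method (saslauthd, for plaintext mechanisms) or an auxprop plugin such as sasldb (for shared-secret mechanisms). The log lines are copied from the post; the function names are hypothetical.

```python
import re

# Password arrives in the clear, so pwcheck_method (saslauthd) can verify it.
PWCHECK_MECHS = {"PLAIN", "LOGIN"}
# Shared-secret mechanisms need the stored secret from an auxprop plugin
# (sasldb by default); saslauthd is not consulted for these.
AUXPROP_MECHS = {"CRAM-MD5", "DIGEST-MD5", "OTP"}

BADLOGIN = re.compile(
    r"badlogin: (?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<reason>[^\]]*)\]"
)

# Log lines copied from the post above.
MAILLOG = """\
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL unable to canonify user and get auxprops
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
"""

def backend_for(mech):
    """Return which credential backend Cyrus SASL uses for a mechanism."""
    mech = mech.upper()
    if mech in PWCHECK_MECHS:
        return "pwcheck"
    if mech in AUXPROP_MECHS or mech.startswith("SCRAM-"):
        return "auxprop"
    return "other"

def triage(log_text):
    """Extract badlogin events and tag each with its credential backend."""
    events = []
    for line in log_text.splitlines():
        m = BADLOGIN.search(line)
        if m:
            events.append({**m.groupdict(), "code": int(m["code"]),
                           "backend": backend_for(m["mech"])})
    return events

def saslauthd_never_tried(events):
    """True when failures exist but none used a saslauthd-checkable mechanism."""
    return bool(events) and all(e["backend"] != "pwcheck" for e in events)

if __name__ == "__main__":
    events = triage(MAILLOG)
    for e in events:
        print(f'{e["mech"]:12} code={e["code"]} backend={e["backend"]}')
    print("saslauthd never tried:", saslauthd_never_tried(events))
```

Both failures in the post fall in the auxprop class, which is consistent with the "no user in db" messages. Limiting the offered mechanisms to PLAIN and LOGIN (the sasl_mech_list option in imapd.conf) is the usual way to route logins through saslauthd.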