Date: Thu, 18 Jun 2009 07:51:03 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem authenticating with sasl in jail
Message-ID: <4A39D5C7.8000009@locolomo.org>
In-Reply-To: <200906171443.07165.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
References: <4A38D6FE.8000804@locolomo.org>
 <200906171204.38995.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
 <4A3966FE.7020702@locolomo.org>
 <200906171443.07165.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
Mel Flynn wrote:
>> Looking again on the logs:
>>
>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
>> plaintext cyrus@example.com SASL(-13): user not found: checkpass failed
>>
>> The user cyrus exists, I can login and get shell access, but there may
>> be something about the realm, that causes the user not to be found? But:
>
> Any chance there's a minuserid in effect? dovecot doesn't allow logins from
> user id's <1000 by default. There may be a similar issue with Cyrus and sounds
> like something one would overlook.

No, the cyrus user has the same uid and passwd in both jail and on host.

> It still is disturbing that no mechanisms are found. Are there maybe
> leftovers in site_perl/5.8.9?

I recently (May) deinstalled all packages and upgraded everything, there
is nothing perlish that should cause such problems:

I have checked using cyradm to connect from the host to host, host to
jail, jail to host and jail to jail. In all cases, I can connect with
the imap instance on the host, but not in the jail.

> Or do you have restrictions that only allow plain
> logins when tls is in effect?

There are indeed:

allowplaintext: yes
allowplainwithouttls: no
sasl_mech_list: plain
sasl_minimum_layer: 128
sasl_pwcheck_method: saslauthd

However, this is the same configuration that I have on the host where
everything works fine. It appears to be something with the realm, really:

I did a bad login on the working server just to see what goes on there
(user games):

Jun 18 07:46:28 <local6.notice> alpha imap[14244]: badlogin: jail.example.com [172.16.0.2] plaintext games SASL(-13): authentication failure: checkpass failed

And just for comparison, a successful login:

Jun 18 07:39:54 <local6.notice> alpha imap[14127]: login: jail.example.com [172.16.0.2] cyrus plaintext User logged in

Both where I connect out from the jail to the host. Note there is no
realm specified contrary to the log entries found in the jail.

Thanks again, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
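
The log comparison made in the message, as an added example that is not part of the original post: a Python parser for the three imap log lines quoted above that splits each login name from its realm and reports names logged both with and without one. The regular expressions are assumptions fitted to these three lines only, not a documented Cyrus log format.

```python
import re
from collections import defaultdict

# The three log lines quoted in the message above (one from the jail, two from host "alpha").
SAMPLE = [
    "Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2] "
    "plaintext cyrus@example.com SASL(-13): user not found: checkpass failed",
    "Jun 18 07:46:28 <local6.notice> alpha imap[14244]: badlogin: jail.example.com "
    "[172.16.0.2] plaintext games SASL(-13): authentication failure: checkpass failed",
    "Jun 18 07:39:54 <local6.notice> alpha imap[14127]: login: jail.example.com "
    "[172.16.0.2] cyrus plaintext User logged in",
]

# Assumed layout, fitted to the lines above: optional <facility.level> tag,
# then "loghost imap[pid]: event: client [ip] rest".
PREFIX = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?:<[^>]+> )?(?P<loghost>\S+) imap\[\d+\]: "
    r"(?P<event>badlogin|login): (?P<client>\S+) \[(?P<ip>[^\]]+)\] (?P<rest>.*)$"
)
# badlogin puts the mechanism before the user; login puts the user first.
BADLOGIN = re.compile(r"^(?P<mech>\S+) (?P<user>\S+) SASL\((?P<code>-?\d+)\): (?P<reason>.*)$")
LOGIN = re.compile(r"^(?P<user>\S+) (?P<mech>\S+) (?P<reason>.*)$")

def parse(line):
    """Return a dict for one imap login/badlogin line, or None if it does not match."""
    head = PREFIX.match(line)
    if not head:
        return None
    rec = head.groupdict()
    tail = (BADLOGIN if rec["event"] == "badlogin" else LOGIN).match(rec.pop("rest"))
    if not tail:
        return None
    rec.update(tail.groupdict())
    # Split "user@realm"; realm is None when the log shows a bare login name.
    rec["user"], _, realm = rec["user"].partition("@")
    rec["realm"] = realm or None
    return rec

def realm_mismatches(lines):
    """Map each login name seen with more than one realm form to {realm: [loghosts]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for rec in filter(None, map(parse, lines)):
        seen[rec["user"]][rec["realm"]].append(rec["loghost"])
    return {u: dict(r) for u, r in seen.items() if len(r) > 1}

if __name__ == "__main__":
    for user, realms in realm_mismatches(SAMPLE).items():
        print(user, realms)
```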