msalerno Veteran
Joined: 17 Dec 2002 Posts: 1338 Location: Sweating in South Florida
|
Posted: Fri Apr 01, 2005 4:25 pm Post subject: migrating from pam_mysql/sasl to sasl auxprop w/ crypt passw |
|
|
I am trying to get sasl to work with encrypted passwords stored in a mysql database for postfix. I currently have this working with pam_mysql, but I should be able to do this with just sasl since it has all of the necessary patches. I have read through the forums and found a few other people with this problem, but nobody has been able to post a solution; it usually just magically works. I can authenticate using Plain text passwords, but if I use crypt or md5 to encrypt the passwords in the database, it doesn't work.
Here are my configs:
Code: | [ebuild R ] dev-libs/cyrus-sasl-2.1.20 -authdaemond +berkdb -debug +gdbm* -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB |
I have also tried compiling sasl with specifying the use flags from another post I read on these forums for the hell of it:
Code: | USE="-authdaemond berkdb crypt -debug -gdbm -java -kerberos -ldap mysql -ntlm_unsupported_patch pam -postgres -sample -srp ssl -static -urandom" emerge cyrus-sasl |
Here are my use flags from my make.conf:
Code: | USE="bash-completion berkdb bzlib caps ftp hardened hardenedphp mmx sse crypt fbcon ncurses pam perl spell ssl zlib szip x86 maildir imap apache2 curl mysql innodb xml gd gd-external sasl postfix -cups -gnome -X -gtk -kde -qt" |
/etc/sasl2/smtpd.conf:
Taken from: http://wispdirect.com/docs/sasl-howto.html
Code: | pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5
srvtab: /dev/null
opiekeys: /dev/null
password_format: crypt
sql_user: dbmail
sql_passwd: mypassword
sql_hostnames: localhost
sql_database: dbmail
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'
log_level: 10 |
/etc/conf.d/saslauthd:
Code: |
SASLAUTHD_OPTS=""
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r" |
And last but not least, the output in my logs:
Code: | [postfix/smtpd] > unknown[192.168.10.252]: 250 8BITMIME
[postfix/smtpd] watchdog_pat: 0x80074470
[postfix/smtpd] < unknown[192.168.10.252]: AUTH LOGIN
[postfix/smtpd] smtpd_sasl_authenticate: sasl_method LOGIN
[postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Username:
[postfix/smtpd] > unknown[192.168.10.252]: 334 CHANGEDBYME
[postfix/smtpd] < unknown[192.168.10.252]: CHANGEDBYMECHANGEDBYMECHANGEDBYME=
[postfix/smtpd] smtpd_sasl_authenticate: decoded response: test@foo.bar
[postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Password:
[postfix/smtpd] > unknown[192.168.10.252]: 334 CHANGEDBYME
[postfix/smtpd] < unknown[192.168.10.252]: CHANGEDBYME
[postfix/smtpd] smtpd_sasl_authenticate: decoded response: CHANGEDBYME
[postfix/smtpd] warning: unknown[192.168.10.252]: SASL LOGIN authentication failed
[postfix/smtpd] > unknown[192.168.10.252]: 535 Error: authentication failed
[postfix/smtpd] watchdog_pat: 0x80074470
[postfix/smtpd] smtp_get: EOF
[postfix/smtpd] lost connection after AUTH from unknown[192.168.10.252]
[postfix/smtpd] disconnect from unknown[192.168.10.252]
[postfix/smtpd] master_notify: status 1
[postfix/smtpd] connection closed |
Anyone? |
|
|
|
msalerno Veteran
Joined: 17 Dec 2002 Posts: 1338 Location: Sweating in South Florida
|
Posted: Mon Apr 04, 2005 2:34 pm Post subject: |
|
|
BUMP! |
|
|
|
langthang Retired Dev
Joined: 27 Nov 2003 Posts: 620
|
Posted: Mon Apr 04, 2005 3:58 pm Post subject: |
|
|
You have:
Code: | [ebuild R ] dev-libs/cyrus-sasl-2.1.20 -authdaemond +berkdb -debug +gdbm* -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB |
You need:
Code: | [ebuild R ] dev-libs/cyrus-sasl-2.1.20-r2 -authdaemond +berkdb +crypt -debug -gdbm +java* -kerberos -ldap +mysql -ntlm_unsupported_patch +pam -postgres -sample -srp +ssl -static -urandom |
for crypt password |
|
|
|
msalerno Veteran
Joined: 17 Dec 2002 Posts: 1338 Location: Sweating in South Florida
|
Posted: Mon Apr 04, 2005 4:20 pm Post subject: |
|
|
I noticed that it was missing from my output. I have crypt in my use flags, but it does not show up when I do an emerge -pv?
Even when I do a:
# USE="-authdaemond berkdb crypt -debug -gdbm -java -kerberos -ldap mysql -ntlm_unsupported_patch pam -postgres -sample -srp ssl -static -urandom" emerge cyrus-sasl -pv
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild R ] dev-libs/cyrus-sasl-2.1.20 -authdaemond +berkdb -debug -gdbm -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB |
|
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
|
Posted: Mon Apr 04, 2005 4:39 pm Post subject: |
|
|
Hello
Your version is different...
Quote: | [ebuild R ] dev-libs/cyrus-sasl-2.1.20 |
The version you'll need is dev-libs/cyrus-sasl-2.1.20-r2 which supports crypt. Try adding this to /etc/portage/package.keywords
Code: | dev-libs/cyrus-sasl ~x86 |
and re-emerge again.
hanji |
|
|
|
langthang Retired Dev
Joined: 27 Nov 2003 Posts: 620
|
Posted: Mon Apr 04, 2005 4:44 pm Post subject: |
|
|
ok, let me rephrase. You need dev-libs/cyrus-sasl-2.1.20-r2 which is ~arch. It looks like you are on "stable" profile. You need to:
Code: | touch /etc/portage/package.keywords; echo "=dev-libs/cyrus-sasl-2.1.20-r2" >> /etc/portage/package.keywords |
assuming you are on x86 arch. Or wait until cyrus-sasl-2.1.20-r2 goes "stable" |
|
|
|
msalerno Veteran
Joined: 17 Dec 2002 Posts: 1338 Location: Sweating in South Florida
|
Posted: Mon Apr 04, 2005 6:00 pm Post subject: |
|
|
WOW! Thanks for all of the help guys!
All I had to do was:
ACCEPT_KEYWORDS="~x86" emerge -v cyrus-sasl
restarted the sasl daemon, and everything worked before I could even tail the logs.
I can finally close this project. This is the one thing that has been holding me up.
Once again, thanks. |
|
|
|
|
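The diagnosis reached in the replies above, as an added example (not code from any poster or from the cyrus-sasl project): it parses an `emerge -pv` line and the SASL config and reports when `password_format: crypt` is requested but the ebuild does not know a `crypt` USE flag at all. The function names and status strings are hypothetical; the sample lines are copied from the thread.

```python
import re

# Constructed inputs: the two `emerge -pv` lines quoted in the thread and an
# excerpt of the poster's /etc/sasl2/smtpd.conf.
STABLE = ("[ebuild R ] dev-libs/cyrus-sasl-2.1.20 -authdaemond +berkdb -debug "
          "+gdbm* -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB")
TESTING = ("[ebuild R ] dev-libs/cyrus-sasl-2.1.20-r2 -authdaemond +berkdb +crypt "
           "-debug -gdbm +java* -kerberos -ldap +mysql -ntlm_unsupported_patch "
           "+pam -postgres -sample -srp +ssl -static -urandom")
SMTPD_CONF = """pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
password_format: crypt
"""

def parse_emerge_line(line):
    """Return (package-version, {flag: enabled}) from one `emerge -pv` line."""
    m = re.match(r"\[ebuild[^\]]*\]\s+(\S+)\s*(.*)", line.strip())
    if not m:
        raise ValueError("not an emerge -pv ebuild line")
    flags = {}
    for tok in m.group(2).split():
        fm = re.fullmatch(r"([+-])([A-Za-z0-9_]+)[*%]?", tok)
        if fm:  # skips the size fields such as "0" and "kB"
            flags[fm.group(2)] = fm.group(1) == "+"
    return m.group(1), flags

def parse_sasl_conf(text):
    """Parse the `key: value` lines of a Cyrus SASL application config."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_crypt_support(emerge_line, conf_text):
    """Report whether this build can honour password_format: crypt."""
    pkg, flags = parse_emerge_line(emerge_line)
    wants_crypt = parse_sasl_conf(conf_text).get("password_format") == "crypt"
    if not wants_crypt:
        return pkg, "not-requested"
    if "crypt" not in flags:  # flag missing from output: ebuild has no such flag
        return pkg, "flag-unknown-to-ebuild"
    return pkg, "ok" if flags["crypt"] else "flag-disabled"
```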