| View previous topic :: View next topic |
| Author |
Message |
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1500
|
 Posted: Thu Dec 06, 2012 4:52 pm Post subject: Trouble with cyrus-sasl-2.1.25-r3 |
 |
|
I just upgraded to cyrus-sasl-2.1.25-r3 from 2.1.23-r6. Ran revdep-rebuild, restarted postfix and saslauthd, and I'm running into errors authenticating for SMTP.
Here is a snip from my mail.log:
| Code: | Dec 6 09:35:06 mail.comp.com postfix/smtpd[5652]: connect from nat.comp.com[xxx.xxx.xxx.xxx]
Dec 6 09:35:07 mail.comp.com postfix/smtpd[5652]: Anonymous TLS connection established from nat.comp.com[xxx.xxx.xxx.xxx]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Dec 6 09:35:08 mail.comp.com postfix/smtpd[5652]: warning: nat.comp.com[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Dec 6 09:35:08 mail.comp.com postfix/smtpd[5652]: lost connection after AUTH from nat.comp.com[xxx.xxx.xxx.xxx]
Dec 6 09:35:08 mail.comp.com postfix/smtpd[5652]: disconnect from nat.comp.com[xxx.xxx.xxx.xxx] |
Here is a snip from my auth.log:
| Code: | Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: begin transaction
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from userPassword admin comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: commit transaction
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: begin transaction
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from userPassword admin comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from cmusaslsecretPLAIN admin comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: commit transaction
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec 6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx' |
As you can see, not much info. Looking at USE flags for cyrus-sasl-2.1.25-r3, I see that crypt is no longer an option. I'm thinking that might be an issue. Currently, passwords are stored in MySQL, I'm hoping that this might be a simple smtpd.conf misconfiguration. dispatch-conf did not show any updates to that config though?
Here is my smtpd.conf:
| Code: | pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
password_format: crypt
sql_engine: mysql
sql_hostnames: xxx.xxx.xxx.xxxx
sql_database: postfix
sql_user: postfix
sql_passwd: xxxxxxxx
sql_select: SELECT password FROM mailbox WHERE username='%u@%r'
sql_usessl: no |
Also, here are my emerge outputs for cyrus-sasl and postfix:
| Code: | [ebuild U ] dev-libs/cyrus-sasl-2.1.25-r3:2 [2.1.23-r6:2] USE="gdbm mysql pam ssl urandom -authdaemond (-berkdb) -java -kerberos -ldapdb% -openldap -postgres -sample -sqlite% -srp -static-libs% (-crypt%*) (-ntlm_unsupported_patch%)" 0 kB
[ebuild R ] mail-mta/postfix-2.9.4 USE="berkdb mysql pam sasl ssl vda -cdb -doc -dovecot-sasl -hardened -ldap -ldap-bind -mbox -memcached -nis -postgres (-selinux) -sqlite" 0 kB |
Any ideas as to what the problem could be?
Thanks in advance!
hanji
_________________
Server Admin Blog - Uno-Code.com |
|
| Back to top |
|
 |
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas
|
| Posted: Fri Dec 07, 2012 6:17 am Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3 |
|
|
| hanj wrote: | | Looking at USE flags for cyrus-sasl-2.1.25-r3, I see that crypt is no longer an option. I'm thinking that might be an issue. |
yip, bingo.
USE="crypt" does
| Code: |
use crypt && epatch "${FILESDIR}"/${PN}-2.1.19-checkpw.c.patch
|
which provides for password_format
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
| Back to top |
|
|
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1500
|
| Posted: Fri Dec 07, 2012 6:30 am Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3 |
|
|
| cach0rr0 wrote: | | hanj wrote: | | Looking at USE flags for cyrus-sasl-2.1.25-r3, I see that crypt is no longer an option. I'm thinking that might be an issue. |
yip, bingo.
USE="crypt" does
| Code: |
use crypt && epatch "${FILESDIR}"/${PN}-2.1.19-checkpw.c.patch
|
which provides for password_format |
Thanks for the reply. I'm a little confused. 2.1.25-r3 doesn't have crypt. Your code looks like it might be from cyrus-sasl-2.1.23-r6.ebuild, which is what I have currently installed. The system wants to update to cyrus-sasl-2.1.25-r3 and that's where the problem is.
Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com |
|
| Back to top |
|
|
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas
|
| Posted: Fri Dec 07, 2012 10:47 pm Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3 |
|
|
| hanj wrote: | | Your code looks like it might be from cyrus-sasl-2.1.23-r6.ebuild, which is what I have currently installed. The system wants to update to cyrus-sasl-2.1.25-r3 and that's where the problem is. |
correct. that code is from the 2.1.23 ebuild
that line applies this patch
which is what allows you to use encrypted passwords
this does not exist for the 2.1.25 ebuild. I am assuming the package maintainer intentionally removed this - maybe the patch does not apply cleanly on 2.1.25, i dont know.
but certainly without this patch applied, your setup will not work as configured.
I suppose you *could* edit the 2.1.25 ebuild, and tell it to apply the patch - if it patches cleanly, might be worth logging a bug, might be worth logging one anyway.
I'm just confirming that no, without that patch applied (which gets applied conditionally based on the 'crypt' USE flag) your encrypted passwords will not work as configured.
I also dont know if cyrus-sasl maybe added their own functionality without that patch, that makes the patch superfluous - but if they did, it would take different configuration parameters most likely. Either way, yes, that is the problem.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
| Back to top |
|
|
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1500
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
