Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Feb 2018 16:53:41 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   How to configure cyrus-imapd3 to use /etc/passwd
Message-ID:  <59a239974b6435d374527a7b0f7304ce.squirrel@webmail.harte-lyne.ca>

next in thread | raw e-mail | index | archive | help
I have installed cyrus-imapd30-3.0.4_3, configured imapd.conf to set
--sasl_pwcheck_method: saslauthd--, and restarted both saslauthd and
imapd.

Saslauthd shows this in ps:

# ps -auxw | grep sasl
root    14592   0.0  0.1  43932  5768  -  Is   16:08       0:00.02
/usr/local/sbin/saslauthd -a getpwent

Where -a getpwent indicates that saslauth should be checking
/etc/passwd for the user.

These are the contents of /var/run/saslauthd:
# ll /var/run/saslauthd/*
srwxrwxrwx  1 root  mail  0 Feb 26 16:08 /var/run/saslauthd/mux
-rw-------  1 root  mail  0 Feb 26 16:08 /var/run/saslauthd/mux.accept
-rw-------  1 root  mail  6 Feb 26 16:08 /var/run/saslauthd/saslauthd.pid


When I attempt to connect to cyradm I get this error:

# sudo -u cyrus cyradm localhost
Password:
[ SSL_connect error -1 ]
[ SSL session removed ]
[ TLS negotiation did not succeed ]
cyradm: cannot authenticate to server with  as cyrus

Checking the ssl connection I get this result:
openssl s_client -connect localhost:993
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1519681228
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

This seems, to me, to return success from the standpoint of
establishing an ssl connection.


These entries are found in the indicted files:

#/var/log/maillog
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: SASL unable to canonify user
and get auxprops
Feb 26 16:25:40 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify
user and get auxprops]
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL no user in db
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: SASL unable to canonify user
and get auxprops
Feb 26 16:25:43 inet17 CYRUS/imap[29830]: badlogin: localhost
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify
user and get auxprops]

#/var/log/messages
Feb 26 16:25:29 inet17 CYRUS/imap[29830]: OTP unavailable because
can't read/write key database /etc/opiekeys: Permission denied

# ll /etc/opie*
-rw-------  1 root  wheel  438 Jul 20  2017 /etc/opieaccess
-rw-------  1 root  wheel    0 Oct 31 14:36 /etc/opiekeys



So my question is: Where and how do I configure cyrus-imapd to
authenticate against /etc/passwd?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?59a239974b6435d374527a7b0f7304ce.squirrel>