Re: Cyrus IMAP with pam_mysql?

From: Jon Mercer (jon.mercer_at_achean.com)
Date: 08/26/03

    Date: Tue, 26 Aug 2003 18:26:04 +0100
    To: Johan Paul <mailing-lists@johanpaul.com>
    
    

    OK, first off, my.cnf doesn't get created in the ports install on
    FreeBSD, but if you check the startup script, all the parameters are
    passed to the mysqld process at that time. If you have a play with the
    mysql stuff, you can modify that script so that it does read it. In fact
    that is necessary if you want to run with InnoDB tables anyway (you
    probably don't for pam_mysql). This is what you can modify the script to
    look like, where it also sets the log directories:

    #!/bin/sh

    DB_DIR=/data01/mysql40
    PIDFILE=${DB_DIR}/`/bin/hostname -s`.pid

    case "$1" in
             start)
                     if [ -x /usr/local/bin/mysqld_safe ]; then
                             # Read my.cnf and set the log and data locations explicitly
                             /usr/bin/limits -U mysql \
                             /usr/local/bin/mysqld_safe \
                                 --defaults-file=/usr/local/etc/my.cnf --user=mysql \
                                 --log-bin-index=${DB_DIR}/logs/ajax-logidx.log \
                                 --log-error=${DB_DIR}/logs/errlog.log --skip-bdb \
                                 --pid-file=${PIDFILE} \
                                 --datadir=${DB_DIR} > /dev/null &
                             echo -n ' mysqld'
                     fi
                     ;;
             stop)
                     if [ -f ${PIDFILE} ]; then
                             /bin/kill `cat ${PIDFILE}` > /dev/null 2>&1 && \
                                 echo -n ' mysqld'
                     else
                             echo "mysql-server isn't running"
                     fi
                     ;;
             *)
                     echo ""
                     echo "Usage: `basename $0` { start | stop }"
                     echo ""
                     exit 64
                     ;;
    esac

    Default log directories are in the default data directory, which is
    something like /var/db/mysql or somesuch (the location is in the
    Makefile for mysql). They are changed in the above script prior to
    starting the db server for the first time.

    Incidentally, here is my version of the relevant section of pam.conf.

    # Mail services
    imap auth sufficient pam_unix.so try_first_pass
    imap auth optional pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2
    imap account required pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2
    imaps auth sufficient pam_unix.so try_first_pass
    imaps auth optional pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2
    imaps account required pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2
    pop3 auth required pam_unix.so try_first_pass
    sieve auth sufficient pam_unix.so try_first_pass
    sieve auth optional pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2
    sieve account required pam_mysql.so user=mail passwd=******* db=mail host=ajax table=mail_users usercolumn=user_col passwdcolumn=pw_col crypt=2

    It occurs to me that if you haven't enabled the imap port in
    /etc/services, that could cause this kind of problem - but seems an
    unlikely scenario.

    Lastly _MAY BE IMPORTANT______________

     From the imapd.conf I have, I can't see the 'sasl_mech_list: PLAIN'
    line, so this may be affecting it!

    FWIW, I still get shed loads of errors in the logfiles at auth time -
    never managed to sort that - and now can't be bothered!

    Hope some of this helps! :-)

    Johan Paul wrote:
    > Hi and thanks for your reply!
    >
    >> Welcome to nightmaresville. I struggled with this for yonks, and found
    >> that there were some other files that needed to be setup, e.g.:
    >
    >
    > F**k! I mean why does it have to be so difficult? In RedHat Linux I got
    > the same configuration up without any problems...
    >
    >> ajax# cd /usr/local/lib/sasl2
    >> ajax# cat Cyrus.conf
    >> pwcheck_method: saslauthd
    >> ajax#
    >
    >
    > Ok, well added that there also. And then I read somewhere that the
    > pwcheck_method -line should be in imapd.conf too.
    >
    >> There is at least one other one, and I'm trying to find it!
    >>
    >> Are you getting any trace out that you can post? I'd agree with you
    >> that it doesn't seem to be contacting the database. If you have a log
    >> against mysql, you could check this from the database end.
    >
    >
    > This was actually the other thing I was wondering about; a) where is
    > my.cnf in FreeBSD to config MySQL and b) where does MySQL log the
    > queries? I would love to look into what pam really tries to do with
    > mysql - or doesn't.
    >
    > The only thing I can trace back to is the line I get into
    > /var/log/messages:
    >
    > Aug 26 17:28:27 silakka imapd[3167]: login: my.machine[127.0.0.1] kypeli
    > plaintext
    >
    > Yes, it works but it works even though it shouldn't since I removed the line
    > from database with my username. In fact I read these postings with this
    > username that shouldn't work :)
    >
    >> In my view, the docs for Cyrus fall a long way short of what is really
    >> needed!
    >
    >
    > Yep! And this isn't the first time I struggle with Cyrus and notice that
    > the docs are out of date and mailing lists/newsgroups are the only way
    > to get help. Thank god for them :)
    >
    > But the weirdest thing is that I think it in fact does use pam to auth
    > but it uses the wrong service (one that authenticates from
    > /etc/passwd). Can anyone verify if this is possible? What is the correct
    > service line for pam.conf?
    >
    >> Cheers,
    >>
    >> Jon Mercer
    >
    >
    > Thanks,
    >
    > Johan Paul
    >
    >
    >>
    >>
    >> Johan Paul wrote:
    >>
    >>> Hi,
    >>>
    >>> Has anyone managed to get the Cyrus imapd to authenticate with pam_mysql
    >>> -authentication?
    >>>
    >>> In /usr/local/etc/imapd.conf I have:
    >>> allowanonymouslogin: no
    >>> allowplaintext: yes
    >>> sasl_pwcheck_method: saslauthd
    >>> sasl_mech_list: PLAIN
    >>>
    >>> ...among other things.
    >>>
    >>> I am running saslauthd with pam authentication:
    >>> silakka# ps xa |grep saslauthd
    >>> 258 ?? Is 0:00.01 /usr/local/sbin/saslauthd1 -a pam
    >>>
    >>>
    >>> This is what I have in my /etc/pam.conf:
    >>>
    >>> # Mail services
    >>> imap auth sufficient pam_mysql.so user=mail passwd=uBerSecRETPASS host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
    >>>
    >>> imap account required pam_mysql.so user=mail passwd=uBerSecRETPASS host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1
    >>>
    >>> The problem, I think, is the service column. The authentication is done
    >>> via PAM since when I change the password for my shell account the mail
    >>> password is changed too. But saslauthd uses some other service to
    >>> authenticate, not imap and thus not pam_mysql. Why doesn't it
    >>> recognize the above lines for Cyrus?
    >>>
    >>> I am running FreeBSD 4.8R
    >>>
    >>> This is giving me serious headache :) Thanks in advance for any clues!!
    >>>
    >>>
    >>> Regards,
    >>>
    >>> Johan Paul
    >>>
    >
    >

    -- 
    +----------------------------------------------------------------+
    |         ___                  ___                               |
    |        /   |                |  /                               |
    |       / /| |                / /                                |
    |      / / | |     _____     / /      ____      ____     ___     |
    |     / /__| |    / ___ \   / /__    / __ \    / _  |   |  /__   |
    |    / ____  |   / /  /_/  / ___ \  / /_/ /   / / | |   / ___ \  |
    |   / /    | |  / /   __  / /   \ \ | ___/__ / /  / /  / /   \ \ |
    |  / /     | |  | |__/ / / /    / / | \__/ / | |_| |  / /    / / |
    | /__\    /___\ \_____/ /__|   /__| \_____/  \__/|_| /__|   /__| |
    |                                                                |
    |                         www.achean.com                         |
    |                         ==============                         |
    | Jon Mercer                               jon.mercer@achean.com |
    |                                                                |
    | Mobile                                            07973 256496 |
    |                                                                |
    | Tel.                                              0117 9561211 |
    |                                                                |
    | Fax                                               0117 9565637 |
    +----------------------------------------------------------------+
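
Added example, not part of the original messages: a small Python model of how PAM picks and walks an auth stack, covering the two behaviours discussed in this thread (a service name with no entries falling back to `other`, and a `sufficient pam_unix.so` placed ahead of `pam_mysql.so`). It assumes standard Linux-PAM control-flag semantics; the pam.conf entries are constructed from the configs quoted above, and `parse`, `resolve` and `evaluate` are hypothetical helper names.

```python
# Constructed sample modelled on the thread's pam.conf (credentials omitted).
PAM_CONF = """\
# Mail services
imap  auth sufficient pam_unix.so try_first_pass
imap  auth optional   pam_mysql.so db=mail table=mail_users
other auth required   pam_unix.so
"""

def parse(text):
    """Return {(service, type): [(control, module), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            service, mtype, control, module = fields[:4]
            stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def resolve(stacks, service, mtype="auth"):
    """Stack used for a service; a service with no entries gets 'other'."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def evaluate(stack, outcome):
    """Walk a stack; outcome maps module -> True (success) or False.
    Returns (granted, modules_consulted)."""
    consulted, failed, succeeded = [], False, False
    for control, module in stack:
        consulted.append(module)
        ok = outcome.get(module, False)
        if control == "requisite" and not ok:
            return False, consulted          # fail immediately
        if control == "required":
            failed = failed or not ok        # failure is remembered, walk continues
            succeeded = succeeded or ok
        elif control == "requisite":
            succeeded = True
        elif control == "sufficient" and ok and not failed:
            return True, consulted           # later modules are never consulted
        elif control == "optional" and ok:
            succeeded = True                 # counts when nothing else decided
    return (succeeded and not failed), consulted

if __name__ == "__main__":
    stacks = parse(PAM_CONF)
    for who, outcome in [("system user", {"pam_unix.so": True}),
                         ("database user", {"pam_mysql.so": True})]:
        print(who, evaluate(resolve(stacks, "imap"), outcome))
```

In this model a correct system password ends the walk at pam_unix.so, so the database is never queried for that user, and a service name that is not listed is checked only against the `other` stack.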