Problem authenticating with sasl in jail
Erik Norgaard
norgaard at locolomo.org
Thu Jun 18 19:21:53 UTC 2009
Mel Flynn wrote:
> On Wednesday 17 June 2009 21:51:03 Erik Norgaard wrote:
>
>>>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
>>>> plaintext cyrus at example.com SASL(-13): user not found: checkpass failed
>>>>
>
> So does the imap server know the domain name? How does it figure it out? Does
> it know to strip domain names because you configured the unix passwd backend?
> If it uses the domainname command to figure out the domainname, you may have
> it set on the working server, yet not on the jail.
> Any differences related to domains in /etc/rc.conf and /etc/resolv.conf that
> might shed some light?
I added the line
defaultdomain: example.com
to imapd.conf, this line is not in my working server configuration,
however, it does make the realm part go away from the error message, not
that it solves the problem though:
Jun 18 21:09:57 jail imap[22562]: badlogin: jail.example.com
[172.16.0.2] plaintext cyrus SASL(-1): generic failure: checkpass failed
Now, adding debug mode to saslautd, I got some extra info in auth.log:
Jun 18 21:13:21 jail saslauthd[21300]: DEBUG: auth_pam: pam_authenticate
failed: authentication error
Jun 18 21:13:21 jail saslauthd[21300]: do_auth : auth failure:
[user=cyrus at example.com] [service=imap] [realm=] [mech=pam] [reason=PAM
auth error]
I have checked /etc/pam.d in the jail against the host and they are
identical, also /usr/local/etc/pam.d - both empty. Are there any known
problems with pam in jails?
> I'm sorry I can't be of more Cyrus specific help.
Thanks for taking your time, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
More information about the freebsd-questions
mailing list