Problem authenticating with sasl in jail

Erik Norgaard norgaard at locolomo.org
Thu Jun 18 19:21:53 UTC 2009


Mel Flynn wrote:
> On Wednesday 17 June 2009 21:51:03 Erik Norgaard wrote:
> 
>>>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
>>>> plaintext cyrus at example.com SASL(-13): user not found: checkpass failed
>>>>
> 
> So does the imap server know the domain name? How does it figure it out? Does 
> it know to strip domain names because you configured the unix passwd backend?
> If it uses the domainname command to figure out the domainname, you may have 
> it set on the working server, yet not on the jail.
> Any differences related to domains in /etc/rc.conf and /etc/resolv.conf that 
> might shed some light?

I added the line

defaultdomain: example.com

to imapd.conf, this line is not in my working server configuration, 
however, it does make the realm part go away from the error message, not 
that it solves the problem though:

Jun 18 21:09:57 jail imap[22562]: badlogin: jail.example.com 
[172.16.0.2] plaintext cyrus SASL(-1): generic failure: checkpass failed

Now, adding debug mode to saslautd, I got some extra info in auth.log:

Jun 18 21:13:21 jail saslauthd[21300]: DEBUG: auth_pam: pam_authenticate 
failed: authentication error
Jun 18 21:13:21 jail saslauthd[21300]: do_auth         : auth failure: 
[user=cyrus at example.com] [service=imap] [realm=] [mech=pam] [reason=PAM 
auth error]

I have checked /etc/pam.d in the jail against the host and they are 
identical, also /usr/local/etc/pam.d - both empty. Are there any known 
problems with pam in jails?

> I'm sorry I can't be of more Cyrus specific help.

Thanks for taking your time, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org


More information about the freebsd-questions mailing list