Guide for SASL/PAM/Cyrus/MySQL?

  • Guide for SASL/PAM/Cyrus/MySQL?

    Hello,

    I am planning to migrate an aging server running Debian6 (Appsuite 7.4.0Rev11) to a new machine with Debian8 and Appsuite 7.8.9Rev6. I simply synced the mails and the DB across and started the Appsuite. I can log in, and calendars etc. look fine.

    I have found quite a lot of snippets for older versions, but I am somehow missing a nice howto like the one for the OX base installation, and above all a more detailed picture than the Architecture Overview. The plan is that the imapd (cyrus) leaves the auth to saslauthd, which then fetches user and pass from the database in Openxchange via pam_mysql, right?

    Here is what I am currently trying:

    Thanks a lot in advance, regards,
    Micha!

    /etc/pam.d/imap
    Code:
    # PAM configuration file for Cyrus IMAP service
    # $Id: imap.pam 5 2005-03-12 23:19:45Z sven $
    #
    # If you want to use Cyrus in a setup where users don't have
    # accounts on the local machine, you'll need to make sure
    # you use something like pam_permit for account checking.
    #
    # Remember that SASL (and therefore Cyrus) accesses PAM 
    # modules through saslauthd, and that SASL can only deal with
    # plaintext passwords if PAM is used.
    #
    
    #@include common-auth
    #@include common-account
    
    auth       optional     pam_mysql.so host=/var/run/mysqld/mysqld.sock user=openexchange passwd=******* db=oxdatabase_5 [table=login2user LEFT JOIN user ON login2user.id=user.id AND login2user.cid=user.cid] [where=user.cid=1] usercolumn=login2user.uid passwdcolumn=user.userPassword crypt=1 log=1
    account    required     pam_mysql.so host=/var/run/mysqld/mysqld.sock user=openexchange passwd=******* db=oxdatabase_5 [table=login2user LEFT JOIN user ON login2user.id=user.id AND login2user.cid=user.cid] [where=user.cid=1] usercolumn=login2user.uid passwdcolumn=user.userPassword crypt=1 log=1
    Data in MySQL
    Code:
    mysql --user=openexchange --pass=******** oxdatabase_5
    
    mysql> select login2user.uid,user.mail,user.userPassword,user.passwordMech from login2user left join user on login2user.id=user.id and login2user.cid=user.cid where login2user.uid like 'fuckner%';
    +---------+--------------------------+---------------+--------------+
    | uid     | mail                     | userPassword  | passwordMech |
    +---------+--------------------------+---------------+--------------+
    | fuckner | fuckner@*************.de | ************* | {CRYPT}      |
    +---------+--------------------------+---------------+--------------+
    1 row in set (0.00 sec)
    testsaslauthd
    Code:
    root@exchange:~# testsaslauthd -u fuckner -p "*********"  -s imap
    0: OK "Success."
    syslog
    Code:
    Feb  5 15:59:18 exchange cyrus/imap[4730]: SSL_accept() incomplete -> wait
    Feb  5 15:59:18 exchange cyrus/imap[4732]: executed
    Feb  5 15:59:18 exchange cyrus/imap[4732]: accepted connection
    Feb  5 15:59:18 exchange cyrus/imap[4732]: imapd:Loading hard-coded DH parameters
    Feb  5 15:59:18 exchange cyrus/imap[4732]: TLS server engine: No CA file specified. Client side certs will not work.
    Feb  5 15:59:18 exchange cyrus/imap[4731]: SSL_accept() incomplete -> wait
    Feb  5 15:59:18 exchange cyrus/imap[4732]: SSL_accept() incomplete -> wait
    Feb  5 15:59:18 exchange cyrus/imap[4732]: SSL_accept() incomplete -> wait
    Feb  5 15:59:18 exchange cyrus/imap[4730]: SSL_accept() succeeded -> done
    Feb  5 15:59:18 exchange cyrus/imap[4730]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
    Feb  5 15:59:18 exchange cyrus/imap[4730]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-13): user not found: Password verification failed]
    Feb  5 15:59:18 exchange cyrus/imap[4731]: SSL_accept() succeeded -> done
    Feb  5 15:59:18 exchange cyrus/imap[4731]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
    Feb  5 15:59:18 exchange cyrus/imap[4731]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-13): user not found: Password verification failed]
    Feb  5 15:59:18 exchange cyrus/imap[4732]: SSL_accept() succeeded -> done
    Feb  5 15:59:18 exchange cyrus/imap[4732]: starttls: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
    Feb  5 15:59:18 exchange cyrus/imap[4732]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-13): user not found: Password verification failed]

  • #2
    Found it:

    wrong
    Code:
    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: saslauthd # or sasldb
    right
    Code:
    sasl_pwcheck_method: saslauthd

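Added example, not part of the original thread: a small Python check for the mismatch resolved in post #2, where testsaslauthd succeeds but imapd logs `badlogin ... SASL(-13)` because `sasl_pwcheck_method` never routes to saslauthd. The config fragments and the log line are constructed samples in the formats shown above; the function names are hypothetical, and the `auxprop` default for an unset option is an assumption about Cyrus SASL.

```python
import re

# Constructed samples modelled on the thread (not the poster's real files).
CONF_BROKEN = """\
# constructed imapd.conf fragment
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
"""
CONF_FIXED = "sasl_pwcheck_method: saslauthd\n"
LOG = ("Feb  5 15:59:18 host cyrus/imap[4730]: badlogin: localhost [127.0.0.1] "
       "PLAIN [SASL(-13): user not found: Password verification failed]\n")

BADLOGIN = re.compile(
    r"cyrus/imap\[(\d+)\]: badlogin: (\S+) \[([^\]]+)\] (\S+) \[SASL\((-?\d+)\)")

def parse_conf(text):
    """Return {option: value} from 'option: value' lines; skip blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def pwcheck_methods(opts):
    """The option holds a whitespace-separated list; assume 'auxprop' when unset."""
    return opts.get("sasl_pwcheck_method", "auxprop").split()

def badlogins(log_text):
    """Extract pid, host, ip, SASL mechanism and SASL error code per badlogin line."""
    keys = ("pid", "host", "ip", "mech", "code")
    return [dict(zip(keys, m.groups())) for m in BADLOGIN.finditer(log_text)]

def diagnose(conf_text, log_text, testsaslauthd_ok):
    """Relate the testsaslauthd result, the imapd log and the configured method."""
    methods = pwcheck_methods(parse_conf(conf_text))
    failures = badlogins(log_text)
    if not failures:
        return "no badlogin entries"
    if testsaslauthd_ok and "saslauthd" not in methods:
        return "imapd bypasses saslauthd: sasl_pwcheck_method is '%s'" % " ".join(methods)
    return "imapd uses saslauthd: check the PAM stack for service imap"

if __name__ == "__main__":
    print(diagnose(CONF_BROKEN, LOG, testsaslauthd_ok=True))
    print(diagnose(CONF_FIXED, LOG, testsaslauthd_ok=True))
```
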