Gentoo Forums
Trouble with cyrus-sasl-2.1.25-r3
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1266

Posted: Thu Dec 06, 2012 4:52 pm    Post subject: Trouble with cyrus-sasl-2.1.25-r3

I just upgraded to cyrus-sasl-2.1.25-r3 from 2.1.23-r6. Ran revdep-rebuild, restarted postfix and saslauthd, and I'm running into errors authenticating for SMTP.

Here is a snip from my mail.log:
Code:
Dec  6 09:35:06 mail.comp.com postfix/smtpd[5652]: connect from nat.comp.com[xxx.xxx.xxx.xxx]
Dec  6 09:35:07 mail.comp.com postfix/smtpd[5652]: Anonymous TLS connection established from nat.comp.com[xxx.xxx.xxx.xxx]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Dec  6 09:35:08 mail.comp.com postfix/smtpd[5652]: warning: nat.comp.com[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Dec  6 09:35:08 mail.comp.com postfix/smtpd[5652]: lost connection after AUTH from nat.comp.com[xxx.xxx.xxx.xxx]
Dec  6 09:35:08 mail.comp.com postfix/smtpd[5652]: disconnect from nat.comp.com[xxx.xxx.xxx.xxx]


Here is a snip from my auth.log:
Code:
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: begin transaction
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from userPassword admin comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: commit transaction
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: begin transaction
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from userPassword admin comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin create statement from cmusaslsecretPLAIN admin comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin doing query SELECT password FROM mailbox WHERE username='admin@comp.com';
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: commit transaction
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin Parse the username admin@comp.com
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin try and connect to a host
Dec  6 09:36:47 mail.comp.com postfix/smtpd[5652]: sql plugin trying to open db 'postfix' on host 'xxx.xxx.xxx.xxx'


As you can see, not much info. Looking at USE flags for cyrus-sasl-2.1.25-r3, I see that crypt is no longer an option. I'm thinking that might be an issue. Currently, passwords are stored in MySQL; I'm hoping that this might be a simple smtpd.conf misconfiguration. dispatch-conf did not show any updates to that config though?

Here is my smtpd.conf:
Code:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
password_format: crypt
sql_engine: mysql
sql_hostnames: xxx.xxx.xxx.xxxx
sql_database: postfix
sql_user: postfix
sql_passwd: xxxxxxxx
sql_select: SELECT password FROM mailbox WHERE username='%u@%r'
sql_usessl: no


Also, here are my emerge outputs for cyrus-sasl and postfix:
Code:
[ebuild     U  ] dev-libs/cyrus-sasl-2.1.25-r3:2 [2.1.23-r6:2] USE="gdbm mysql pam ssl urandom -authdaemond (-berkdb) -java -kerberos -ldapdb% -openldap -postgres -sample -sqlite% -srp -static-libs% (-crypt%*) (-ntlm_unsupported_patch%)" 0 kB
[ebuild   R    ] mail-mta/postfix-2.9.4  USE="berkdb mysql pam sasl ssl vda -cdb -doc -dovecot-sasl -hardened -ldap -ldap-bind -mbox -memcached -nis -postgres (-selinux) -sqlite" 0 kB


Any ideas as to what the problem could be?

Thanks in advance!
hanji
cach0rr0
Moderator
Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

Posted: Fri Dec 07, 2012 6:17 am    Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3

hanj wrote:
Looking at USE flags for cyrus-sasl-2.1.25-r3, I see that crypt is no longer an option. I'm thinking that might be an issue.


yip, bingo.
USE="crypt" does

Code:

use crypt && epatch "${FILESDIR}"/${PN}-2.1.19-checkpw.c.patch


which provides for password_format
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1266

Posted: Fri Dec 07, 2012 6:30 am    Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3

Thanks for the reply. I'm a little confused. 2.1.25-r3 doesn't have crypt. Your code looks like it might be from cyrus-sasl-2.1.23-r6.ebuild, which is what I have currently installed. The system wants to update to cyrus-sasl-2.1.25-r3 and that's where the problem is.

Thanks!
hanji
cach0rr0
Moderator
Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

Posted: Fri Dec 07, 2012 10:47 pm    Post subject: Re: Trouble with cyrus-sasl-2.1.25-r3

hanj wrote:
Your code looks like it might be from cyrus-sasl-2.1.23-r6.ebuild, which is what I have currently installed. The system wants to update to cyrus-sasl-2.1.25-r3 and that's where the problem is.


correct. that code is from the 2.1.23 ebuild
that line applies this patch
which is what allows you to use encrypted passwords

this does not exist for the 2.1.25 ebuild. I am assuming the package maintainer intentionally removed this - maybe the patch does not apply cleanly on 2.1.25, I don't know.

but certainly without this patch applied, your setup will not work as configured.

I suppose you *could* edit the 2.1.25 ebuild, and tell it to apply the patch - if it patches cleanly, might be worth logging a bug, might be worth logging one anyway.

I'm just confirming that no, without that patch applied (which gets applied conditionally based on the 'crypt' USE flag) your encrypted passwords will not work as configured.

I also don't know if cyrus-sasl maybe added their own functionality without that patch, that makes the patch superfluous - but if they did, it would take different configuration parameters most likely. Either way, yes, that is the problem.
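
The mismatch diagnosed above (smtpd.conf sets password_format while the cyrus-sasl build no longer has the crypt USE flag) can be checked before restarting postfix. This script is an added example, not part of any forum post and not Gentoo's or cyrus-sasl's own code; the function names are hypothetical, OLD_BUILD is a constructed emerge line, and NEW_BUILD abbreviates the one posted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Flags an smtpd.conf that sets
# password_format while the cyrus-sasl build lacks the USE=crypt patch.

# conf_value FILE KEY: print the value of a "key: value" line (last wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1
}

# use_flags LINE: print the contents of USE="..." from an emerge -pv line.
use_flags() {
    printf '%s\n' "$1" | sed -n 's/.*USE="\([^"]*\)".*/\1/p'
}

# has_crypt_flag FLAGS: succeed only if "crypt" is enabled. Portage writes
# disabled flags as -flag, masked or removed ones in ( ), plus % or * markers.
has_crypt_flag() {
    printf '%s\n' "$1" | tr -s ' ' '\n' |
        sed 's/^(//; s/)$//; s/[%*]*$//' | grep -qx 'crypt'
}

# check_sasl_conf FILE LINE: print a verdict; return 1 on a mismatch.
check_sasl_conf() {
    method=$(conf_value "$1" pwcheck_method)
    format=$(conf_value "$1" password_format)
    if [ "$method" != "auxprop" ] || [ -z "$format" ]; then
        echo "ok: password_format is not in use"
        return 0
    fi
    if has_crypt_flag "$(use_flags "$2")"; then
        echo "ok: password_format=$format, build has USE=crypt"
        return 0
    fi
    echo "MISMATCH: password_format=$format set, build lacks USE=crypt"
    return 1
}

# Sample input: the relevant smtpd.conf lines from the thread, plus two
# emerge lines (OLD_BUILD is constructed; NEW_BUILD is abbreviated).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
printf '%s\n' 'pwcheck_method: auxprop' 'auxprop_plugin: sql' \
    'mech_list: PLAIN LOGIN' 'password_format: crypt' > "$SAMPLE_CONF"
OLD_BUILD='dev-libs/cyrus-sasl-2.1.23-r6 USE="crypt gdbm mysql pam ssl"'
NEW_BUILD='dev-libs/cyrus-sasl-2.1.25-r3 USE="gdbm mysql pam ssl (-crypt%*)"'

check_sasl_conf "$SAMPLE_CONF" "$OLD_BUILD" || true
check_sasl_conf "$SAMPLE_CONF" "$NEW_BUILD" || true
```

On a real host, pass /etc/sasl2/smtpd.conf (path assumed) and the cyrus-sasl line from emerge -pv instead of the sample values.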
hanj
Veteran
Joined: 19 Aug 2003
Posts: 1266

Posted: Sat Dec 08, 2012 5:04 am

I found this bug report that shows the problem as well:
https://bugs.gentoo.org/show_bug.cgi?id=445568

I'll try -r4 tomorrow.

Thanks!
hanji