From: Moriyoshi K. <mor...@at...> - 2007-08-09 03:31:58

Hi Tautvydas,

Tautvydas Griskevicius wrote:
> Hello List,
>
> Mr. Moriyoshi redirected me here. Thanks to him. Like I wrote before, I
> have a problem. I'm trying to set up Cyrus IMAP server, which uses
> saslauthd as its password storage. saslauthd uses pam, and pam uses
> pam_mysql.so for imap. Everything is working fine, IF the MySQL database
> is locally deployed. I mean, if host directive is set to "localhost" in
> /etc/pam.d/imap. Authentication works with normal IMAP login, with
> /usr/sbin/testsaslauthd -u cyrus -p secret and with pamtester imap cyrus
> authenticate also. But if I change host=database.domain.tld or
> host=192.168.1.60 or even with host=127.0.0.1 authentication fails. With
> IMAP login and with testsaslauthd. BUT pamtester is working (logging in)
> fine. I'm able to use external database (on different server). So, the
> problem is somewhere between saslauthd and pam. But sadly, I'm not able
> to determine where. I don't know how pamtester works.
>

I figured out the problem a bit more. It seems to be a contextual
problem; something like unix user / group stuff or SELinux context is
involved. If my understanding is correct, the symptoms are as follows:

1. It works at least with the context on which you were manipulating
   the testing tools.
2. Connection through unix domain sockets works for everything.
3. TCP connection didn't work for either except pamtester.

Did you check out the syslog or the security log and see something in
it? If you cannot find anything suspicious, try strace and investigate
the raw system calls to look for what makes it go wrong.

Moriyoshi

> Like Mr. Moriyoshi recommended, I've checked all binaries with ldd.
> Everything looks fine.
>
> My /etc/pam.d/imap config is below.
>
> auth sufficient pam_mysql.so user=mail passwd=secret \
>     host=localhost db=mail table=accountuser \
>     usercolumn=username passwdcolumn=password \
>     crypt=0 logtable=log logmsgcolumn=msg \
>     logusercolumn=user loghostcolumn=host \
>     logpidcolumn=pid logtimecolumn=time \
>     verbose=1 sqllog=true
>
> account required pam_mysql.so user=mail passwd=secret \
>     host=localhost db=mail table=accountuser \
>     usercolumn=username passwdcolumn=password \
>     crypt=0 logtable=log logmsgcolumn=msg \
>     loguserclumn=user loghostcolumnt=host \
>     logpidcolumn=pid logtimecolumn=time \
>     verbose=1 sqllog=true
>
> I hope someone will help me.
>
> With Best Regards,
>
> Tautvydas
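
Added example, not part of the original message: if the SELinux hypothesis above holds, the security log should show the confined saslauthd process being denied an outbound TCP connect to the MySQL port, while nothing is logged for pamtester run from the user's own context. The filter below extracts such denials from audit records; the sample records, the port 3306 and the type names saslauthd_t and mysqld_port_t are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Constructed sample audit records (NOT taken from the thread). The layout
# follows the usual AVC record format written to /var/log/audit/audit.log.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1186630318.101:410): avc:  denied  { name_connect } for  pid=2140 comm="saslauthd" dest=3306 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1186630319.007:411): avc:  denied  { read } for  pid=2201 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1186630318.101:410): arch=40000003 syscall=102 success=no exit=-13 comm="saslauthd" exe="/usr/sbin/saslauthd"'

# tcp_connect_denials COMM
# Reads audit records on stdin and prints one line per denied outbound TCP
# connect made by a process named COMM:
#   <comm> <destination port> <source SELinux context>
# Unix domain socket traffic never produces name_connect records, which is
# why host=localhost can keep working while host=127.0.0.1 fails.
tcp_connect_denials() {
    grep 'avc: *denied' \
    | grep 'name_connect' \
    | grep "comm=\"$1\"" \
    | grep 'tclass=tcp_socket' \
    | sed -n 's/.*comm="\([^"]*\)".* dest=\([0-9]*\) .*scontext=\([^ ]*\) .*/\1 \2 \3/p'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT_LOG" | tcp_connect_denials saslauthd
```

On a live host, feed the function the real audit log on stdin instead of the sample. An empty result points back at the other suspects named in the reply (unix user / group differences), where strace on saslauthd is the next step.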