Мне не удаётся настроить аутентификацию пользователей по почтовой базе данных MySQL с помощью saslauthd (cyrus-sasl 2.1.23) через pam-mysql. Ниже приведены выполненные команды с их выводом, а также файлы конфигурации.
root@xxxx:/# ps aux | grep saslauthd
root 3443 0.0 0.0 34524 752 pts/0 S 10:53 0:00 saslauthd -a pam -d
root 3507 0.0 0.0 34524 1096 ? Ss 11:22 0:00 saslauthd -a pam
root 3508 0.0 0.0 34524 644 ? S 11:22 0:00 saslauthd -a pam
root 3509 0.0 0.0 34524 596 ? S 11:22 0:00 saslauthd -a pam
root 3510 0.0 0.0 34524 596 ? S 11:22 0:00 saslauthd -a pam
root 3511 0.0 0.0 34524 596 ? S 11:22 0:00 saslauthd -a pam
root 3518 0.0 0.0 4116 604 pts/0 S+ 11:26 0:00 grep saslauthd
root@xxxx:/# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent pam rimap shadow ldap
root@xxxx:/# perl -MMIME::Base64 -e 'print encode_base64("\000mkk\@mkk\000mkk123")'
AG1ra0Bta2sAbWtrMTIz
root@xxxx:/# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailbkp.mak.ac.ug ESMTP Postfix
ehlo localhost
250-mailbkp.mak.ac.ug
250-PIPELINING
250-SIZE 15000000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AG1ra0Bta2sAbWtrMTIz
Connection closed by foreign host.
root@xxxx:/# tail -f var/log/auth
postfix/smtpd[3437]: sql_select option missing
postfix/smtpd[3437]: auxpropfunc error no mechanism available
postfix/smtpd[3437]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
postfix/smtpd[3437]: auxpropfunc error invalid parameter supplied
postfix/smtpd[3437]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
root@xxxx:/etc/pam.d# cat smtp
auth required /lib/security/pam_mysql.so user=mailnew passwd=post2011new host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crpyt=1
account sufficient /lib/security/pam_mysql.so user=mailnew passwd=post2011new host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crpyt=1
root@xxxx:/etc/default# cat saslauthd
# /etc/default/saslauthd as quoted in the question: a defaults file made of
# plain VAR=value settings for starting saslauthd.
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# Directory reused below for the -m argument and for the PID file.
PWDIR="/var/state/saslauthd"
# NOTE(review): PARAMS is set here but not referenced again in this file;
# whether the start-up script reads it cannot be told from this listing.
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
#PIDFILE="${PWDIR}/saslauthd.pid"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/state/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
# NOTE(review): OPTIONS is assigned twice in this file; if the file is sourced
# as shell, the assignment at the bottom replaces this value.
OPTIONS="-c"
THREADS=5
# Make sure you set the options here, otherwise it ignores params above and will not work.
# (-c: credential caching, -m: socket directory, per saslauthd(8) -- confirm
# for this build; the path repeats the PWDIR value literally.)
OPTIONS="-c -m /var/state/saslauthd"
root@xxxx:/etc/sysconfig# cat saslauthd
SOCKETDIR=/var/state/saslauthd
MECH=pam
FLAGS="-r"
SMTP configurations in main.cf
smtp_sasl_mechanism_filter = plain, login
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /usr/lib64/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
root@xxxx:/usr/share/doc/cyrus-sasl-2.1.23/doc# testsaslauthd -u <username> -p <password>
0: NO "authentication failed"
root@xxxx:/var/log# testsaslauthd -u <username> -p <password> -f /var/state/saslauthd/
connect() : Connection refused
root@xxxx:# tail -f /var/log/auth
saslauthd[3508]: DEBUG: auth_pam: pam_start failed: Critical error - immediate abort
saslauthd[3508]: do_auth : auth failure: [user=<username@domain>] [service=imap] [realm=] [mech=pam] [reason=PAM start error]
Может ли кто-нибудь подсказать, как это исправить?
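В вашем PAM-файле для службы smtp (/etc/pam.d/smtp) есть опечатка: в обеих строках написано «crpyt=1» вместо «crypt=1». Сейчас у меня нет под рукой работающей системы с PAM, чтобы проверить, что именно это вызывает вашу проблему, но начать стоит с исправления этой опечатки. Обратите также внимание, что в журнале saslauthd указано service=imap: testsaslauthd без параметра -s обращается к службе imap, а не smtp, поэтому показанный файл /etc/pam.d/smtp в этом тесте, по-видимому, не используется — повторите проверку с -s smtp.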