Problem authenticating with sasl in jail

Erik Norgaard norgaard at locolomo.org
Thu Jun 18 05:51:06 UTC 2009 

Mel Flynn wrote:

>> Looking again on the logs:
>>
>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
>> plaintext cyrus at example.com SASL(-13): user not found: checkpass failed
>>
>> The user cyrus exists, I can login and get shell access, but there may
>> be something about the realm, that causes the user not to be found? But:
> 
> Any chance there's a minuserid in effect? dovecot doesn't allow logins from 
> user id's <1000 by default. There may be a similar issue with Cyrus and sounds 
> like something one would overlook.

No, the cyrus user has the same uid and passwd in both jail and on host.

> It still is disturbing that no mechanisms are found. Are there maybe left 
> overs in site_perl/5.8.9?

I recently (may) deinstalled all packages and upgraded everything, there 
are nothing perlish that should cause such problems:

I have checked using cyradm to connect from the host to host, host to 
jail, jail to host and jail to jail. In all cases, I can connect with 
the imap instance on the host, but not in the jail.

> Or do you have restrictions that only allow plain 
> logins when tls is in effect?

There are indeed:

allowplaintext: yes
allowplainwithouttls: no
sasl_mech_list: plain
sasl_minimum_layer: 128
sasl_pwcheck_method: saslauthd

However, this is the same configuration that I have on the host where 
everything works fine.

It appears to be something with the realm, really: I did a bad login on 
the working server just to see what goes on there (user games):

Jun 18 07:46:28 <local6.notice> alpha imap[14244]: badlogin: 
jail.example.com [172.16.0.2] plaintext games SASL(-13): authentication 
failure: checkpass failed

And just for comparison, a successful login:

Jun 18 07:39:54 <local6.notice> alpha imap[14127]: login: 
jail.example.com [172.16.0.2] cyrus plaintext User logged in

Both where I connect out from the jail to the host.

Note there is no realm specified contrary to the log entries found in 
the jail.

thanks again, Erik
-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org

More information about the freebsd-questions mailing list