Dotaz: Postfix+SASL+IMAP

Na serveru s CentOS 4.4 mám nainstalovaný postfix 2.2.10-1.RHEL4.2, Cyrus SASL 2.1.19-5.EL4 a Cyrus- imap 2.2.12-3.RHEL4.1.

Postfix mám nastavený pro virtuální schránky, tedy aby jeho uživatelé nemuseli mít systémový účet. Autentifikace probíhá pomocí SASL:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext

cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

Toto funguje. Když se ale chci přes cyradm -user cyrus router.corki.cz přihlásit vypíše mi to

IMAP Password:
              Login failed: user not found at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with  as cyrus

cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus root
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt

cat /etc/cyrus.conf
# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=

Když dám v souboru imapd.conf místo auxprop saslauthd, tak se přes cyradm přihlásím.

sasldblistusers2
filbar@router.corki.cz: userPassword
cyrus@router.corki.cz: userPassword

Když ale zadám

imtest -u cyrus -m login router.corki.cz
S: * OK CorkiAP Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {6}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0

tak mi to uživatele cyrus, který má také účet v systému povolí, ale uživatele filbar nikoli

imtest -u filbar -m login router.corki.cz
S: * OK CorkiAP Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {7}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure

V logu je toto:

badlogin: [192.168.1.101] plaintext root SASL(-13): authentication failure: checkpass failed

Kde mám chybu, když chci, aby mi to bralo jenom uživalele z /etc/sasldb2, když heslo pro uživatele cyrus to bere z /etc/sasldb2? Proč to tedy povolí jeno přihlášení uživatele se systémovým účtem?

cyradm -user cyrus router.corki.cz přihlásit vypíše mi to IMAP Password: Login failed: user not found at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with as cyrus

Chapu to spravne, ze jako uzivatel schranky se prihlasite? Tedy napr:

cyradm -user jmenouzivatele router.corki.cz

Pokud ano, muzete tomu uzivateli pridelit administratorska prava.
Mozna take muzete zkontrolovat, zda mate spravne vytvorene heslo pro uzivatele cyrus,
pripadne mu ho pomoci saslpasswd2 znovu vytvorit.