Wednesday, October 17, 2007

Virtual Exim cyrus-imap saslauthd pam-mysql Login Problem

Cyrus POP3 Login Error:
[root@ ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK centos.domain.com Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server ready <3974298939.1192619430@centos.domain.com>
user user@domain.com
+OK Name is a valid mailbox
pass password
-ERR [AUTH] Invalid login
quit
+OK
Connection closed by foreign host.


saslauthd error:
[root@ ~]# tail -f /var/log/messages
Oct 17 17:12:52 centos5 saslauthd[24323]: do_auth : auth failure: [user=user] [service=pop] [realm=domain.com] [mech=pam] [reason=PAM auth error]


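The log line shows that saslauthd split user@domain.com into a login (user) and a realm (domain.com) and handed only the bare login to PAM. To pass the full user@domain.com to pam_mysql, edit /etc/sysconfig/saslauthd and set FLAGS=-r, which makes saslauthd combine the realm with the login: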

[root@ ~]# nano /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ability to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=-r



[root@ ~]# cat /etc/pam.d/pop
#%PAM-1.0
auth sufficient pam_mysql.so user=vexim passwd=vexim_pw host=localhost db=vexim table=users usercolumn=username passwdcolumn=crypt crypt=1
account required pam_mysql.so user=vexim passwd=vexim_pw host=localhost db=vexim table=users usercolumn=username passwdcolumn=crypt crypt=1
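
The realm-split symptom in the saslauthd log line above can be checked for mechanically. The script below is an added example, not part of the original post; its function names are hypothetical and the sample log and config files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are passed as arguments.

# Print "login service" for each saslauthd PAM failure where the client sent
# user@realm but the [user=...] handed to PAM carries no '@'.
realm_split_failures() {  # $1 = syslog file
    sed -n 's/.*saslauthd\[[0-9]*]: do_auth *: auth failure: \[user=\([^]@]*\)] \[service=\([^]]*\)] \[realm=\([^]][^]]*\)] \[mech=pam].*/\1@\3 \2/p' "$1"
}

# Succeed if the last FLAGS= line contains -r, alone or clustered with
# other no-argument flags such as -c.
saslauthd_has_r_flag() {  # $1 = sysconfig file
    sed -n 's/^[[:space:]]*FLAGS=//p' "$1" | tail -n 1 | tr -d "\"'" |
        grep -Eq '(^|[[:space:]])-[Tcdlv]*r'
}

# Return 1 when realm-split failures are logged and -r is not configured.
diagnose() {  # $1 = syslog file, $2 = sysconfig file
    hits=$(realm_split_failures "$1" | sort -u)
    if [ -n "$hits" ] && ! saslauthd_has_r_flag "$2"; then
        echo "PAM received the login without its realm; add -r to FLAGS in $2:"
        echo "$hits"
        return 1
    fi
    echo "nothing to fix: no realm-split failures, or FLAGS already contains -r"
}

# Constructed sample input: the log line from this post and a config without -r.
tmp=$(mktemp -d)
cat > "$tmp/messages" <<'EOF'
Oct 17 17:12:52 centos5 saslauthd[24323]: do_auth : auth failure: [user=user] [service=pop] [realm=domain.com] [mech=pam] [reason=PAM auth error]
EOF
printf 'MECH=pam\nFLAGS=\n' > "$tmp/saslauthd"
diagnose "$tmp/messages" "$tmp/saslauthd" || true
printf 'MECH=pam\nFLAGS=-r\n' > "$tmp/saslauthd"
diagnose "$tmp/messages" "$tmp/saslauthd"
rm -rf "$tmp"
```

On a live host the arguments would be /var/log/messages and /etc/sysconfig/saslauthd; failures logged before saslauthd was restarted with the new flag will still appear in the log.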

Cyrus Virtual Domains Login Problem

Cyrus POP3 Login Error:
[root@ ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK centos.domain.com Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server ready <3974298939.1192619430@centos.domain.com>
user user@domain.com
+OK Name is a valid mailbox
pass password
-ERR [AUTH] Invalid login
quit
+OK
Connection closed by foreign host.

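To allow '@' in the username during login, edit /etc/imapd.conf and set virtdomains: yes. The same file sets allowplaintext: yes with sasl_mech_list: PLAIN, so passwords are sent in cleartext unless the session is protected by TLS.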
[root@ ~]# nano /etc/imapd.conf
postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus # no admins!
virtdomains: yes
allowanonymouslogin: no
allowplaintext: yes
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
servername: centos.domain.com
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
##unixhierarchysep: yes
tls_ca_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem

Restart cyrus-imapd:
service cyrus-imapd restart

Test IMAP login:
/usr/bin/imtest -a user@domain.com -w password localhost

Monday, October 15, 2007

Yum Install "Development Tools" on CentOS 5.0

yum -y groupinstall "Development Tools"

Installing pam-mysql on CentOS 5.0

yum -y install pam pam-devel openssl openssl-devel mysql mysql-devel mysql-server
cd /usr/src
wget -O pam_mysql-0.7RC1.tar.gz "http://downloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz?modtime=1136835566&big_mirror=0"
tar -xvzf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --bindir=/usr/bin --sbindir=/usr --with-openssl=/usr --with-mysql=/usr --with-pam=/usr --with-pam-mods-dir=/lib/security
make
make install

Check installed files:

ls -al /lib/security/pam_m*
-rwxr-xr-x 1 root root 8060 Mar 15 2007 /lib/security/pam_mail.so
-rwxr-xr-x 1 root root 15848 Mar 15 2007 /lib/security/pam_mkhomedir.so
-rwxr-xr-x 1 root root 3864 Mar 15 2007 /lib/security/pam_motd.so
-rwxr-xr-x 1 root root 880 Oct 16 01:18 /lib/security/pam_mysql.la
-rwxr-xr-x 1 root root 95126 Oct 16 01:18 /lib/security/pam_mysql.so