Hello, Special Thanks to Buddy Lumpkin for pointing out a bug with saslpasswd. It seems that this command will always fail the first time it is run. So running a second time will create the account. In my case I also had to remove the /etc/sasldb file then run the saslpasswd command two times in a row. This seems to be odd behavior caused by a 0 length /etc/sasldb file prior to initialization. I have listed the thread below. Thanks Blue --- "Lumpkin, Buddy" <Buddy.Lumpkin@nordstrom.com> wrote: > I am using sasl for authentication... > > sasldb at home > /etc/shadow at work > > both work pretty good but as you mention, > /etc/shadow must be readable to the user that cyrus > runs as. > > As for the EEXIST exception, that is exactly what it > means. > > If O_CREAT and O_EXCL are set, open() fails if the > file exists. > > I think this part works as expected, I just wonder > why it completely fails to create the file on the > first try. > > Anyway, Congrats! > > Please Summarize. > > --Buddy > > > -----Original Message----- > From: blue wright [mailto:kawalskik@yahoo.com] > Sent: Wednesday, August 15, 2001 4:35 PM > To: Lumpkin, Buddy > Subject: RE: Cyrus IMAP, SASL and Solaris ? > > > Buddy thanks a zillion. Here is what I did I ran a > truss on the "saslpasswd -c cyrus" process. Upon > looking at the output of truss I spotted this: > > open64("/etc/sasldb", O_RDWR|O_CREAT|O_EXCL, 0660) > Err#17 EEXIST > > My C programming isn't the greates but looking up > that > Error code in /usr/include/sys/errno.h told me that > the open failed because the file existed. This is > very > odd indeed but I removed the /etc/sasldb file and > ran > the command "saslpasswd -c cyrus" twice in a row and > the second time it took the new password. Now when I > run: > > sasldblistusers > > I see the cyrus user in there. > > This seems like a bizzare bug no? I am wondering how > you stumbled upon it? Last question, it sounds like > you are not using sasl for authentication? I am > curious how your are implementing authentication for > your users. I don't like the idea of the pwcheck > daemon running or chaning the perms of /etc/shadow. > I > basically need a way to encrypt clients usernames > and > passwords. Any suggestions on the best route? > Again thanks. > > Blue > > > > --- "Lumpkin, Buddy" <Buddy.Lumpkin@nordstrom.com> > wrote: > > I have ran all versions on Solaris 7 & 8. (not all > > combos though). Im currently running the latest > 2.14 > > or something like that here at Nordstrom and at > > home. > > > > I never was able to get sasl to work right when I > > mistakingly forgot to add the --disable-gssapi and > > --disable-krb4. > > > > You may only need to delete the library out of > > /usr/local/lib/sasl. > > > > Also, I assume you remembered to create the > symlink > > from /usr/local/lib/sasl -> /usr/lib/sasl? > > > > Did you try touching the file? > > > > Also, add this to your /etc/syslog.conf file: > > > > local6.debug > > /var/log/imapd.log > > > > Those are tabs, not spaces between fields BTW. > > > > --Buddy > > > > -----Original Message----- > > From: blue wright [mailto:kawalskik@yahoo.com] > > Sent: Wednesday, August 15, 2001 4:10 PM > > To: Lumpkin, Buddy > > Subject: RE: Cyrus IMAP, SASL and Solaris ? > > > > > > Buddy thanks for your response. > > I don't think disabling the gssapi is affecting > the > > saslpasswd but yeah I should probably recompile to > > get > > rid of those messages in the logs. I tried > running: > > > > saslpasswd -c cyrus > > > > I did this 10 times in a row and I still get the > > "generic failure" error message and the > /etc/sasldb > > file is still 0 length. This is truly driving me > > nuts. > > Can you think of anything else? I would really > > apprecitate it. Are you running Cyrus 2.0.16 on > > solaris? > > > > Thanks again Buddy > > Blue > > --- "Lumpkin, Buddy" <Buddy.Lumpkin@nordstrom.com> > > wrote: > > > Blue, > > > > > > Just run the saslpasswd command a couple times > in > > a > > > row. I don't know why it fails half the time > when > > > /etc/sasldb doesn't exist but it does. > > > > > > You can also touch /etc/sasldb and it might help > > (I > > > did that in the past when I didn't know to just > > run > > > it a few times) > > > > > > > > > You also need to recompile sasl and > disable-gssapi > > > and disable-krb4. > > > > > > sasl thinks your using gssapi > > > (GSS_C_NT_HOSTBASED_SERVI is in your log file). > > > > > > --Buddy > > > > > > -----Original Message----- > > > From: blue wright [mailto:kawalskik@yahoo.com] > > > Sent: Wednesday, August 15, 2001 2:36 PM > > > To: sunmanagers@sunmanagers.org > > > Subject: Cyrus IMAP, SASL and Solaris ? > > > > > > > > > I recently installed sasl 1.5.24 on Solaris 8 > for > > > use > > > with Cyrus IMAP 2.0.16. For the Berkeley DB i > used > > > the > > > Solaris freeware package for DB 3.2. I > configured > > > SASL > > > by doing the following: > > > > > > env > CPPFLAGS="-I/usr/local/BerkeleyDB.3.2/include" > > \ > > > LDFLAGS="-L/usr/local/BerkeleyDB.3.2/lib > > > -R/usr/local/BerkeleyDB.3.2/lib" \ > > > LIBS="-lsocket -lnsl" ./configure > > > --with-dblib=berkeley > > > > > > Configure seems to find the Berkely DB just fine > > and > > > make succeeds. Now when I go to run saslpasswd I > > get > > > the following: > > > > > > catfish# /usr/local/sbin/saslpasswd -c cyrus > > > Password: > > > Again (for verification): > > > saslpasswd: generic failure > > > > > > Taking a look at the auth.log file I see the > > > following: > > > > > > Aug 15 13:41:40 catfish saslpasswd[2800]: [ID > > 615471 > > > auth.error] unable to open > > > Berkeley db /etc/sasldb: Invalid argument > > > Aug 15 13:41:40 catfish saslpasswd[2800]: [ID > === message truncated === __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/Received on Thu Aug 16 02:10:42 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:25:01 EDT