Discussion:
saslauthd: pam_authenticate error.
Sam
2004-06-20 14:00:22 UTC
Permalink
Hi,

I just upgraded Openexchange wiith latest patches then I can't use
Mozilla mail client to logon the mail server (Imap) any more.
The error is about the user (the mozilla mail client) is using an
unknown authtentication module.
Here is the error:
Jun 20 19:04:50 slox imapd[23152]: open: user samwun opened INBOX
Jun 20 19:05:23 slox imapd[23131]: accepted connection
Jun 20 19:05:27 slox saslauthd[729]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
Jun 20 19:05:27 slox saslauthd[729]: AUTHFAIL: user=***@xyz.com
service=imap realm= [PAM auth error]
Jun 20 19:05:27 slox imapd[23131]: Password verification failed
Jun 20 19:05:27 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
plain [SASL(-13): authentication failure: Password verification failed]
Jun 20 19:05:30 slox saslauthd[730]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
Jun 20 19:05:30 slox saslauthd[730]: AUTHFAIL: user=***@xyz.com
service=imap realm= [PAM auth error]
Jun 20 19:05:30 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
plaintext ***@xyz.com SASL(-13): authentication failure: checkpass
failed

The /etc/pam.d/smtp file contains:
#%PAM-1.0
auth sufficient pam_ldap.so
#auth required pam_unix.so
auth sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so

password required pam_ldap.so use_authtok
session required pam_ldap.so

and Ihave just rename the /usr/lib/sasl2 to sasl2.bk
and make a symbolic link so that sasl2 is pointing to /usr/lib/sasl
which is the more updated sasl library.
There is a smtp.conf file in the sasl/ directory, its content :
lib/sasl# cat smtpd.conf
pwcheck_method: pam

What should I do to fix this problem?
thanks
sam
Andreas Winkelmann
2004-06-20 15:33:40 UTC
Permalink
Post by Sam
I just upgraded Openexchange wiith latest patches then I can't use
Mozilla mail client to logon the mail server (Imap) any more.
The error is about the user (the mozilla mail client) is using an
unknown authtentication module.
Jun 20 19:04:50 slox imapd[23152]: open: user samwun opened INBOX
Jun 20 19:05:23 slox imapd[23131]: accepted connection
Jun 20 19:05:27 slox saslauthd[729]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
service=imap realm= [PAM auth error]
Jun 20 19:05:27 slox imapd[23131]: Password verification failed
Jun 20 19:05:27 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
plain [SASL(-13): authentication failure: Password verification failed]
Jun 20 19:05:30 slox saslauthd[730]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
service=imap realm= [PAM auth error]
Jun 20 19:05:30 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
failed
Fine, but you show Logs of an Imap-Server. I don't think it shows interest for
a smtp-configuration. Make a copy and rename this to "imap".
Post by Sam
#%PAM-1.0
auth sufficient pam_ldap.so
#auth required pam_unix.so
auth sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so
password required pam_ldap.so use_authtok
session required pam_ldap.so
and Ihave just rename the /usr/lib/sasl2 to sasl2.bk
and make a symbolic link so that sasl2 is pointing to /usr/lib/sasl
which is the more updated sasl library.
Where for heavens sake did you see such a Pointer?
Post by Sam
lib/sasl# cat smtpd.conf
pwcheck_method: pam
Please find out which sasl-version is used by your Applications. Maybe with
ldd. Then change the Configuration fitting to your sasl-version. This example
is valid for sasl1, for sasl2 you have to use saslauthd and start this with
"-a pam" as it should already be, like it is shown in your Log above.
--
Andreas
Sam
2004-06-20 16:09:02 UTC
Permalink
Post by Andreas Winkelmann
Post by Sam
I just upgraded Openexchange wiith latest patches then I can't use
Mozilla mail client to logon the mail server (Imap) any more.
The error is about the user (the mozilla mail client) is using an
unknown authtentication module.
Jun 20 19:04:50 slox imapd[23152]: open: user samwun opened INBOX
Jun 20 19:05:23 slox imapd[23131]: accepted connection
Jun 20 19:05:27 slox saslauthd[729]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
service=imap realm= [PAM auth error]
Jun 20 19:05:27 slox imapd[23131]: Password verification failed
Jun 20 19:05:27 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
plain [SASL(-13): authentication failure: Password verification failed]
Jun 20 19:05:30 slox saslauthd[730]: DEBUG: auth_pam: pam_authenticate
failed: User not known to the underlying authentication module
service=imap realm= [PAM auth error]
Jun 20 19:05:30 slox imapd[23131]: badlogin: slox.xyz.com[192.168.4.3]
failed
Fine, but you show Logs of an Imap-Server. I don't think it shows interest for
a smtp-configuration. Make a copy and rename this to "imap".
Hi Andreas,

Thanks for your replies. I have just reinstalled the system, but the
problem still persist. I remember it was working fine when I installed
the first time, now I don't know what I did mistake. Is there anything
to do with misconfiguration of DNS setup? probably not.

Here is the content of the /etc/pam.d/imap file:
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so
Post by Andreas Winkelmann
Post by Sam
#%PAM-1.0
auth sufficient pam_ldap.so
#auth required pam_unix.so
auth sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so
password required pam_ldap.so use_authtok
session required pam_ldap.so
and Ihave just rename the /usr/lib/sasl2 to sasl2.bk
and make a symbolic link so that sasl2 is pointing to /usr/lib/sasl
which is the more updated sasl library.
Where for heavens sake did you see such a Pointer?
I just reinstalled the system, so there is no symbolic pointer now, the
directory contains the following sasl* direcdtories:
/usr/lib# ls -ld sasl*
drwxr-xr-x 2 root root 616 Jun 20 22:43 sasl
drwxr-xr-x 2 root root 1008 Jun 20 22:40 sasl2
Post by Andreas Winkelmann
Post by Sam
lib/sasl# cat smtpd.conf
pwcheck_method: pam
The smtpd.conf is not used I think, because I m using imapd.
Here is the /etc/imapd.conf file:
admins: cyrus
allowanonymouslogin: no
allowplainwithouttls: yes
altnamespace: no
autocreatequota: 10000
configdirectory: /var/lib/imap
drachost: localhost
dracinterval: 0
duplicatesuppression: yes
lmtp_overquota_perm_failure: no
lmtpsocket: /var/spool/postfix/public/lmtp
normalizeuid: yes
partition-default: /var/spool/imap
poptimeout: 10
quotawarn: 90
reject8bit: no
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd
sievedir: /var/lib/sieve
timeout: 30
tls_ca_file: /etc/ssl/CA/usedCA.pem
tls_ca_path: /etc/ssl/CA
tls_cert_file: /etc/ssl/certs/cert.pem
tls_key_file: /etc/ssl/certs/skey.pem
unixhierarchysep: yes
Post by Andreas Winkelmann
Please find out which sasl-version is used by your Applications. Maybe with
ldd. Then change the Configuration fitting to your sasl-version. This example
is valid for sasl1, for sasl2 you have to use saslauthd and start this with
"-a pam" as it should already be, like it is shown in your Log above.
ldd shows:
# ldd /usr/sbin/saslauthd
libgssapi.so.1 => /usr/lib/libgssapi.so.1 (0x4001c000)
libkrb5.so.17 => /usr/lib/libkrb5.so.17 (0x40027000)
libasn1.so.5 => /usr/lib/libasn1.so.5 (0x4005f000)
libroken.so.9 => /usr/lib/libroken.so.9 (0x40081000)
libcom_err.so.1 => /usr/lib/libcom_err.so.1 (0x40093000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x40096000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4009d000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x400ae000)
libpam.so.0 => /lib/libpam.so.0 (0x400df000)
libc.so.6 => /lib/i686/libc.so.6 (0x400e7000)
libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40206000)
libdb-4.0.so => /usr/lib/libdb-4.0.so (0x402da000)
libdl.so.2 => /lib/libdl.so.2 (0x40380000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Thank you for yoru help.
Sam

Loading...