From 9a14a9fff41d628ced31fea188bb5344bc6f48c3 Mon Sep 17 00:00:00 2001 From: Christian Mollekopf Date: Tue, 27 Mar 2018 21:58:25 +0200 Subject: Fixed saslauthd authentication --- docker/Dockerfile | 12 ++++++------ docker/bashrc | 2 +- docker/imapd.conf | 12 +++++++----- docker/startimap.sh | 2 +- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index f6eac989..a784d1ae 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -28,13 +28,16 @@ RUN dnf -y install google-noto-serif-fonts google-noto-sans-fonts RUN useradd -d /home/developer -m developer + +ADD rsyslog.conf /etc/rsyslog.conf #Setup cyrus imap -RUN echo 'altnamespace: 0' >> /etc/imapd.conf -RUN echo 'unixhierarchysep: 0' >> /etc/imapd.conf +ADD imapd.conf /etc/imapd.conf RUN usermod -p `perl -e "print crypt("admin","Q4")"` cyrus RUN useradd -p `perl -e "print crypt("doe","Q4")"` doe RUN /usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem -RUN saslauthd -a pam && /usr/libexec/cyrus-imapd/master -d && sleep 1 && echo "cm user.doe" | cyradm --auth PLAIN -u cyrus -w admin localhost +RUN saslauthd -a shadow && /usr/libexec/cyrus-imapd/master -d && sleep 1 && echo "cm user.doe" | cyradm --auth PLAIN -u cyrus -w admin localhost +#RUN echo "doe" | saslpasswd2 -p -u example.org doe +#RUN chown cyrus:root /etc/sasldb2 #DBus For KCacheGrind RUN dbus-uuidgen --ensure @@ -78,6 +81,3 @@ RUN sudo chown developer:developer /home/developer/.gnupg -R RUN gpg2 --batch --generate-key /home/developer/keyconfig #Better qt support RUN git clone https://github.com/Lekensteyn/qt5printers.git ~/.gdb/qt5printers/ - -ADD rsyslog.conf /etc/rsyslog.conf -ADD imapd.conf /etc/imapd.conf diff --git a/docker/bashrc b/docker/bashrc index d477583c..faf93f55 100644 --- a/docker/bashrc +++ b/docker/bashrc @@ -2,6 +2,6 @@ ulimit -c 0 sudo rsyslogd & -sudo saslauthd -a pam & +sudo saslauthd -a shadow & sudo /usr/libexec/cyrus-imapd/master -d diff --git a/docker/imapd.conf b/docker/imapd.conf index 86b320ab..320cbd36 100644 --- a/docker/imapd.conf +++ b/docker/imapd.conf @@ -94,11 +94,13 @@ allowplaintext: yes # Possible values are "saslauthd", "auxprop", "pwcheck" and # "alwaystrue". They are tried in order, you can specify more than one, # separated by spaces. -# FIXME saslauthd doesn't work with caldav/carddav for unknown reasons. -# It seems to work fine on the commandline, and from the logs the only thing -# that could be going wrong is authentication via pam, but for imap it seems -# to work anyways.... -sasl_pwcheck_method: alwaystrue +# * saslauthd works when started with the shadow mech +# * auxprop should work when: +# * setting default_domain: example.org +# * creating a password with 'echo "doe" | saslpasswd2 -p -u example.org doe' (chown cyrus:root /etc/sasldb2) +# * either login with doe@example.org, ensure the current hostname is example.org. +# * We currently use the saslauthd option so we can login using just doe +sasl_pwcheck_method: saslauthd # If enabled, the SASL library will automatically create authentication # secrets when given a plaintext password. Refer to SASL documentation diff --git a/docker/startimap.sh b/docker/startimap.sh index cb5af4f0..b80733af 100755 --- a/docker/startimap.sh +++ b/docker/startimap.sh @@ -1,5 +1,5 @@ #!/bin/bash -sudo saslauthd -a pam & +sudo saslauthd -a shadow & sudo /usr/libexec/cyrus-imapd/master -d #Give the imap server some time to start sleep 1 -- cgit v1.2.3