Newbie Q's: Authentication problems

Ken Murchison ken at oceana.com
Fri Sep 27 10:42:19 EDT 2002 


Jon Drukman wrote:
> 
> I'm trying to set up a system where there are no normal user accounts, but
> people can get mail.  I'm using sasl-2.1.7 and cyrus-imapd-2.1.9 on FreeBSD4.
> 
> I set up some accounts using saslpasswd2.  I can see them with sasldblistusers2
> 
> # sasldblistusers2
> liquid at rs2.gamespot.com: userPassword
> cyrus at rs2.gamespot.com: userPassword
> root at rs2.gamespot.com: userPassword
> 
> However, I can't connect with cyradm to create accounts.  I'm sure I have
> set up sasl improperly, but I don't know how to fix it.
> 
> Here's my /etc/imapd.conf:
> 
> # cat /etc/imapd.conf
> configdirectory: /var/imap
> defaultpartition: default
> partition-default: /var/spool/imap
> allowplaintext: no
> sasl_pwcheck_method: saslauthd
> admins: cyrus
> sasl_mech_list: PLAIN

You can't turn plaintext off and specify PLAIN as the only SASL
mechanism, because cyram doesn't support SSL/TLS (which is this only way
that PLAIN or IMAP LOGIN would be allowed with your config).  Either
allow plaintext, or add some other mechs (ie, CRAM-MD5) to the
sasl_mech_list.


> 
> I copied /etc/cyrus.conf from master/conf/small.conf
> 
> Here's what it looks like when I try to connect:
> 
> # cyradm --user cyrus localhost
> IMAP Password:
>                Login only available under a layer at
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm line 114
> cyradm: cannot authenticate to server with  as cyrus
> 
> The only logfile lines are:
> 
> Sep 26 17:06:03 rs2 master[73544]: about to exec /usr/cyrus/bin/imapd
> Sep 26 17:06:03 rs2 imap[73544]: executed
> Sep 26 17:06:03 rs2 imapd[73544]: accepted connection
> 
> Eventually I don't want any plaintext authentication happening.  I'm used
> to setting up UW-imap, which lets you define secrets in a cram-md5 file,
> and then it uses them for authentication.  However in that situation you
> need user accounts on the system.  My ultimate goal is: no user accounts
> and no plaintext passwords.
> 
> Please help.
> 
> -jsd-

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list