Problem with Cyrus IMAP and Cyrus SASL

Mon Mar 8 12:39:57 EST 2004

> "Luca Manganelli" <manganelli at ksolutions.it> 03/08/04 05:50pm >>>
>Hi,
>
>I hope that this is the right mailing list for my question.
>
>I compiled and installed Cyrus imap (v2.2.3) and Cyrus sasl (v 2.1.7)
on my redhat 7.3 server.
>
>The imapd.conf is this:
>
>-----------------------------------------------------------------------
>configdirectory: /var/lib/imap
>partition-default: /var/spool/imap
>admins: cyrus ksmail
>lmtp_admins: cyrus ksmail
>allowanonymouslogin: yes
>sievedir: /var/lib/imap/sieve
>sendmail: /usr/sbin/sendmail
>servername: kmailcert.it
>hashimapspool: true
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN
>-----------------------------------------------------------------------
>
>and the /etc/sysconfig/saslauthd is:
>
>
>-----------------------------------------------------------------------
># Authentications mechanism (for list see saslauthd -v)
>SASL_AUTHMECH=PLAIN
>
># Hostname for remote IMAP server (if rimap auth mech is used)
>SASL_RIMAP_HOSTNAME=
>
># Honour time-of-day login restrictions (if shadow auth mech is used)
>SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes
>-----------------------------------------------------------------------
>
>
>then I execute the /usr/lib/cyrus-imapd/cyradm:
>
>-----------------------------------------------------------------------
>[root at ksmail-test cyrus-imapd]# ./cyradm -u cyrus localhost
>IMAP Password:
>              Login failed. at
/usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm line 118
>cyradm: cannot authenticate to server with  as cyrus
>-----------------------------------------------------------------------
>
>/var/log/messages tells me:
>
>-----------------------------------------------------------------------
>Mar  8 17:36:14 ksmail-test perl: No worthy mechs found
>Mar  8 17:45:32 ksmail-test last message repeated 2 times
>-----------------------------------------------------------------------
>
>
>How strange. I tried to test the SASL server with
>
>  sasl2-sample-server -s rcmd local=127.0.0.1;23,remote=127.0.0.1;23
-m PLAIN
>
>and
>
>  sasl2-sample-client localhost -m PLAIN
>
>with the output result:
>
>receiving capability list... recv: {57}
>PLAIN LOGIN OTP NTLM DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
>PLAIN LOGIN OTP NTLM DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
>please enter an authentication id: cyrus
>please enter an authorization id: cyrus
>Password:
>send: {5}
>PLAIN
>send: {1}
>Y
>send: {17}
>cyrus[0]cyrus[0]cyrus
>successful authentication
>closing connection
>
>
>
>
>what's wrong?
>Thanks
>
>
>--------------------------------------------------------------
>LUCA MANGANELLI
>          
Hi Luca,

I presume you mean SASL 2.1.17 rather than 2.1.7.

What do you see in /var/log/auth.log (or /var/log/auth)?

Your IMAP server is tying to use saslauthd for authentication. How did
you start saslauthd? If you want to use shadow passwords (all users will
have a system account) it needs to be started as
        saslauthd -a shadow
see
        man saslauthd
to test the functionality of saslauthd, you need to use the
testsaslauthd program in the saslauthd subdirectory of the
distribution.

If you are using an SQL database, kerberos5, rimap or ldap, you need
some more entries in the saslauthd.conf file, see the documentation at
the cyrus web site for that.

Mike.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html