cyradm: cannot authenticate to server

brian cyruslist at subtropolix.org
Sun Apr 6 17:32:53 EDT 2008


I'm attempting to move from one server to another and have begun 
replicating the set-up on the new box but am running into problems. I 
want to set up authentication through sasldb and TLS (though the TLS 
postfix stuff is all commented out for now).

I'm trying to set up authentication through sasldb2. I have assigned a 
both system and saslpasswd2 passwords to the cyrus user. When i su - 
cyrus from root and try:

cyradm --user cyrus --server localhost

I'm prompted for both "password" and "IMAP password". I guessed the 
first is the system one so used that first, then the one assigned using 
saslpasswd2. I see the following:

Login failed: authentication failure at 
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm 
line 119
cyradm: cannot authenticate to server with  as cyrus

If i append "--auth plain" as some docs online suggest, I see the same 
error, with "with plain as cyrus".

Why do i see a prompt for both "password" and "IMAP password"? I'm sure 
I've never seen that before.

The following are what I have right now:


installed (RPM):
cyrus-sasl-2.1.22-8.fc7
cyrus-sasl-lib-2.1.22-8.fc7
cyrus-sasl-devel-2.1.22-8.fc7
cyrus-sasl-plain-2.1.22-8.fc7
cyrus-sasl-md5-2.1.22-8.fc7
postfix-2.5.1-1.sasl2.spf.fc7


saslauthd is stopped


/usr/lib/sasl2/smtpd.conf:

pwcheck_method: auxprop
mech_list: PLAIN LOGIN

I will be adding DIGEST-MD5 to the mech list once i make a little headway.


/etc/imapd.conf:

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
unixhierarchysep: no
altnamespace: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN LOGIN
#tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
#tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
#tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
defaultdomain: MYDOMAIN
virtdomains: userid
loginrealms: MYDOMAIN
allowplaintext: 1


/etc/pam.d/imap
#%PAM-1.0
auth       include      system-auth
account    include      system-auth

I know that pwcheck_method is not pam but is there some other place I 
need to check to ensure this is the case? I've been banging my head on 
this all afternoon and I'm losing track of which config files are 
important to what part of the process.


More information about the Info-cyrus mailing list