Cyrus murder auth issue

Dan White dwhite at olp.net
Tue Jul 28 15:53:54 EDT 2015 

On 07/28/15 16:37 +0000, Forster, Gabriel wrote:
>mupdatetest and testsaslauthd checks seem to work fine. But, when trying
>to create a user account using the command-line cyradm tools, from the
>backend, I'm getting the following error:
>
>cyradm -t "" -u kolab -w "${password}" ${cyrus_host}
>
>> cm user/kolab3test
>
>Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118
>cyradm: cannot authenticate to [redacted.fqdn.backend.server]
>
>and directly from the frontend:
>
>> cm user/kolab3test
>Password:
>IMAP Password:
>
>              Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118
>
>cyradm: cannot authenticate to [redacted.fqdn.backend.server]
>
>/var/log/messages on the backend only shows "perl: No worthy mechs found"
>
>and /var/log/maillog says:
>
> imap[27001]: SASL bad userid authenticated
>
>imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN [SASL(-13): authentication failure: bad userid authenticated]

On 07/28/15 18:33 +0000, Forster, Gabriel wrote:
>BACKEND /etc/imapd.conf
>sasl_pwcheck_method: saslauthd
>sasl_mech_list: PLAIN
>allowplaintext: 1
>allowallsubscribe: 1
>allowusermoves: 1
>altnamespace: 1
>hashimapspool: 1
>unixhierarchysep: 1
>anysievefolder: 1
>fulldirhash: 0
>username_tolower: 1
>postuser: shared
>mupdate_config: standard
>mupdate_server: {redacted}
>mupdate_port: 3905
>mupdate_authname: {redacted}
>mupdate_username: {redacted}
>mupdate_password: {redacted}-
>proxyservers: {redacted}
>proxy_authname: {redacted}
>proxy_password: {redacted}-
>virtdomains: off

>FRONTEND /etc/imapd.conf
>sasl_pwcheck_method: saslauthd auxprop
>sasl_auxprop_plugin: sasldb
>sasl_mech_list: PLAIN
>allowplaintext: 1
>allowallsubscribe: 1
>allowusermoves: 1
>altnamespace: 1
>hashimapspool: 1
>unixhierarchysep: 1
>anysievefolder: 1
>fulldirhash: 0
>username_to_lower: 1
>normalizeuid: 1
>deletedprefix: DELETED
>delete_mode: delayed
>expunge_mode: delayed
>mupdate_config: standard

>mupdate_server: {redacted}
>mupdate_port: 3905
>mupdate_authname: {redacted}
>mupdate_username: {redacted}
>mupdate_password: {redacted}

This block may confuse your proxyd processes. Try removing it and
retesting.

>defaultserver: {redacted}
>serverlist: {redacted}
>proxy_authname: {redacted}
>proxy_password: {redacted}
>virtdomains: off

>FRONTEND /etc/cyrus.conf
>    mupdate     cmd="mupdate -m"    listen=3905                             prefork=1

Again, consult your auth facility syslog for sasl related problems. Does
imap authentication (imtest) succeed?

-- 
Dan White

More information about the Info-cyrus mailing list