<br><br><div class="gmail_quote">2010/7/2 D G Teed <span dir="ltr"><<a href="mailto:donald.teed@gmail.com">donald.teed@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Subject: Authentication problems since Redhat 5.5 updates<div>
<div></div><div class="h5"><br>
We had a nice trouble free cyrus running until it was updated<br>with updates from Redhat today.<br><br>I've tested with testsaslauthd (no service name given) and it works OK,<br>so I'd think things are fine on the pam, AD and ldap end.<br>
<br>In the cyrus server's maillog I'm seeing messages like this<br>from attempts to connect from the remote webmail:<br><br>Jul 2 13:54:22 navi imap[4073]: badlogin: <a href="http://webmail.example.com" target="_blank">webmail.example.com</a> [XXX.YYY.ZZZ.111] CRAM-MD5 [SASL(-13): user not found: no secret in database]<br>
<br>Logins from some other IMAP, like my thunderbird, using a secure IMAP port, work OK.<br><br>cyradm can connect, but scripts we have, using IMAP::Admin have stopped working.<br><br># cyrsetquota dteed 100<br>IMAP::Admin [ initialize ]: try NO Login failed: authentication failure<br>
<br>This is cyrus 2.3.7 from Redhat, identifying as:<br><br>name : Cyrus IMAPD<br>version : v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 2006/07/10 13:46:20<br>vendor : Project Cyrus<br>support-url: <a href="http://asg.web.cmu.edu/cyrus" target="_blank">http://asg.web.cmu.edu/cyrus</a><br>
os : Linux<br>os-version : 2.6.18-194.8.1.el5<br>environment: Built w/Cyrus SASL 2.1.22<br> Running w/Cyrus SASL 2.1.22<br> Built w/Sleepycat Software: Berkeley DB 4.3.29: (February 19, 2009)<br>
Running w/Sleepycat Software: Berkeley DB 4.3.29: (February 19, 2009)<br> Built w/OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008<br> Running w/OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008<br> CMU Sieve 2.3<br>
TCP Wrappers<br> NET-SNMP<br> mmap = shared<br> lock = fcntl<br> nonblock = fcntl<br> idle = idled<br><br>These packages were updated by Redhat related to sasl:<br>
<br>Jul 02 10:36:41 Updated: cyrus-sasl-lib-2.1.22-5.el5_4.3.i386<br>Jul 02 10:37:11 Updated: cyrus-sasl-plain-2.1.22-5.el5_4.3.i386<br>Jul 02 10:37:44 Installed: cyrus-sasl-md5-2.1.22-5.el5_4.3.i386<br>Jul 02 10:38:01 Updated: cyrus-sasl-2.1.22-5.el5_4.3.i386<br>
<br>I tried removing cyrus-sasl-md5 and restarting saslauthd but it did not help.<br><br>There has to be something silly getting in the way but what?<br><br>--Donald<br></div></div></blockquote></div></blockquote><div><br>
<br>I have things working again. I had disabled Unix authentication in pam<br>temporarily to try troubleshooting with my account. That had the side effect<br>of disabling the cyrus user from authentication. So that explains the<br>
scripts using IMAP::Admin breaking.<br><br>I also removed the package cyrus-sasl-md5 and I believe this has<br>an impact on the issue I was facing with "CRAM-MD5".<br><br>Any tips on how to co-exist with that package are welcomed.<br>
<br>--Donald<br> </div></div><br>