
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>

</head>

<body dir="ltr">

<div id="divtagdefaultwrapper" style="background-color: rgb(255, 255, 255);">

<p class="p1" style="color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">

<span class="s1">I am having trouble authenticating to sivtest but can authenticate to Imtest.</span></p>

<p class="p2" style="color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">

<span class="s1"></span><br>

</p>

<p style="color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">

</p>

<p class="p1" style="color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">

<span class="s1">I am running NetBSD packages:</span></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif">cyrus-sasl-2.1.26nb4 Simple Authentication and Security Layer</font></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif"><span class="s1"></span></font></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif">cyrus-imapd-2.4.17nb10 Cyrus IMAP server</font></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif">cy2-login-2.1.22 &nbsp; &nbsp;Cyrus SASL LOGIN authentication plugin</font></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif"></font></p>

<p class="p1"><font face="Calibri, Arial, Helvetica, sans-serif">cy2-plain-2.1.26 &nbsp; &nbsp;Cyrus SASL PLAIN authentication plugin</font></p>

<div><br>

</div>

<div>my /usr/pkg/etc/imapd.conf currently looks like:</div>

<div><br>

</div>

<div>===== imapd.conf ====</div>

<div>

<p class="p1"><span class="s1"># $NetBSD: imapd.conf,v 1.5 2005/03/02 21:42:48 wiz Exp $</span></p>

<p class="p1"><span class="s1">#</span></p>

<p class="p1"><span class="s1"># Cyrus IMAP server configuration file.&nbsp; Refer to imapd.conf(5) for</span></p>

<p class="p1"><span class="s1"># more options.</span></p>

<p class="p2"><span class="s1"></span><br>

</p>

<p class="p1"><span class="s1">configdirectory: /var/imap</span></p>

<p class="p1"><span class="s1">partition-default: /var/spool/imap</span></p>

<p class="p1"><span class="s1">#sieveusehomedir: true</span></p>

<p class="p1"><span class="s1">hashimapspool: false</span></p>

<p class="p1"><span class="s1">sievedir: /usr/pkg/sieve</span></p>

<p class="p1"><span class="s1">sieve_maxscriptsize: 32</span></p>

<p class="p1"><span class="s1">sieve_maxscripts: 5</span></p>

<p class="p2"><span class="s1"></span><br>

</p>

<p class="p1"><span class="s1">admins: cyrus johnh</span></p>

<p class="p2"><span class="s1"></span><br>

</p>

<p class="p1"><span class="s1"># Use the saslauthd daemon to verify plaintext passwords.&nbsp; Please ensure that</span></p>

<p class="p1"><span class="s1"># the saslauthd daemon is running before trying to authenticate.</span></p>

<p class="p1"><span class="s1">#</span></p>

<p class="p1"><span class="s1">#sasl_mech_list: PLAIN</span></p>

<p class="p1"><span class="s1">sasl_pwcheck_method: auxprop</span></p>

<p class="p1"><span class="s1">sasl_auxprop_plugin: sasldb</span></p>

<p class="p1"><span class="s1">allowanonymouslogin: no</span></p>

<p class="p1"><span class="s1"># aparently changed in 2.4</span></p>

<p class="p1"><span class="s1"># aparently changed in 2.4</span></p>

<p class="p1"><span class="s1">allowplaintext: yes</span></p>

<p class="p2"><span class="s1"></span><br>

</p>

<p class="p1"><span class="s1"># The server certificate and key files must be specified for the</span></p>

<p class="p1"><span class="s1"># server to repond to IMAPS or POP3S requests.&nbsp; See imapd.conf(5) for</span></p>

<p class="p1"><span class="s1"># a complete listing of tls_* options.</span></p>

<p class="p1"><span class="s1">#</span></p>

<p class="p1"><span class="s1">tls_ca_file: /var/imap/server.pem</span></p>

<p class="p1"><span class="s1">tls_cert_file: /var/imap/server.pem</span></p>

<p class="p1"><span class="s1"></span></p>

<p class="p1"><span class="s1">tls_key_file: /var/imap/server.pem</span></p>

<p class="p1"><span class="s1">===== end imapd.conf ======</span></p>

<p class="p1"><span class="s1"><br>

</span></p>

<p class="p1"><span class="s1">I am trying to use sasldb which is located in /usr/pkg/etc/sasldb.db</span></p>

<p class="p1"><span class="s1"><br>

</span></p>

<p class="p1"><span class="s1">Here is what I am seeing when I run imtest and sivtest</span></p>

<p class="p1"><span class="s1">==== sieve.log ===</span></p>

<p class="p1">Script started on Sat Jun 27 07:54:38 2015</p>

<p class="p1">ESC[?1034hbash-3.2$ imtest -a linda -u linda localhost</p>

<p class="p1">S: * OK [CAPABILITY IMAP4rev1 LITERAL&#43; ID ENABLE STARTTLS AUTH=LOGIN AUTH=PLAIN SASL-IR] haywardfamily.org Cyrus IMAP v2.4.17 server ready^M</p>

<p class="p1">C: A01 AUTHENTICATE LOGIN^M</p>

<p class="p1">S: &#43; VXNlcm5hbWU6^M</p>

<p class="p1">Please enter your password:&nbsp;</p>

<p class="p1">C: bGluZGE=^M</p>

<p class="p1">S: &#43; UGFzc3dvcmQ6^M</p>

<p class="p1">C: MnphcHB5^M</p>

<p class="p1">S: A01 OK [CAPABILITY IMAP4rev1 LITERAL&#43; ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES

 ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) SESSIONID=&lt;haywardfamily.org-4536-1435409698-1&gt;^M</p>

<p class="p1">Authenticated.</p>

<p class="p1">Security strength factor: 0</p>

<p class="p1">^CC: Q01 LOGOUT^M</p>

<p class="p1">Connection closed.</p>

<p class="p1">bash-3.2$ sivtest -a linda -u linda localhost</p>

<p class="p1">S: &quot;IMPLEMENTATION&quot; &quot;Cyrus timsieved v2.4.17&quot;^M</p>

<p class="p1"><span class="s1"></span></p>

<p class="p1">S: &quot;SASL&quot; &quot;LOGIN PLAIN&quot;^M</p>

</div>

<div>

<div>S: &quot;SIEVE&quot; &quot;comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy&quot;^M</div>

<div>S: &quot;STARTTLS&quot;^M</div>

<div>S: &quot;UNAUTHENTICATE&quot;^M</div>

<div>S: OK^M</div>

<div>C: AUTHENTICATE &quot;LOGIN&quot;^M</div>

<div>S: {12}^M</div>

<div>S: VXNlcm5hbWU6^M</div>

<div>Please enter your password:&nbsp;</div>

<div>C: {8&#43;}^M</div>

<div>C: bGluZGE=^M</div>

<div>S: {12}^M</div>

<div>S: UGFzc3dvcmQ6^M</div>

<div>C: {8&#43;}^M</div>

<div>C: MnphcHB5^M</div>

<div>S: NO &quot;Authentication Error&quot;^M</div>

<div>Authentication failed. generic failure</div>

<div>Security strength factor: 0</div>

<div>^CC: LOGOUT^M</div>

<div>Connection closed.</div>

<div>bash-3.2$ exit</div>

<div>exit</div>

<div><br>

</div>

</div>

<div>Script done on Sat Jun 27 07:55:49 2015<br>

</div>

<div>==== end of sieve.log ===</div>

<div><br>

</div>

<div>Any suggestions on how to resolve this issue?</div>

<div><br>

</div>

<div>Some additional questions:</div>

<div><br>

</div>

<div>1) if one is trying to use sasldb with sasl_auxprop_plugin then saslauthd is out of the picture - I have it running but don't think it needs to be involved.</div>

<div><br>

</div>

<div>2) There appears to be both login and plain mechanisms - on imtest I can specify either and they both authenticate - which one should I be focused on?</div>

<div><br>

</div>

<div>TIA</div>

<div>johnh...</div>

</div>

</body>

</html>