Problems with saslauthd on HP-UX in trusted system mode

Claus Malter lists at sprayen.de
Mon Nov 28 08:25:18 EST 2005 

Hello all,

At work I've got the order to set up an IMAP server. Our operating
system is HP-UX 11.11. We have installed a so called iexpress package
provided by HP. That package includes the imapd and the saslauthd with
all of the libaries.
Due to the fact that HP-UX is working in Trusted System Mode (Trusted 
Computer Base) we have some trouble with authenticating against the 
saslauthd. The imapd (master) process is running and connects to the 
saslauthd to authenticate the user. I've tested it at localhost with 
'imtest':

mchphost:/opt/iexpress/cyrussasl/sbin# imtest -u mail -a mail
WARNING: no hostname supplied, assuming localhost

S: * OK mchphost Cyrus IMAP4 v2.2.9 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS AUTH=OTP AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
Please enter your secret pass-phrase:
C: A01 AUTHENTICATE OTP bWadpbArtYWef
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 0

The error in the syslog:

Nov 28 10:24:18 mchphost imap[23029]: badlogin: localhost [127.0.0.1]
OTP [SASL(-13): user not found: no OTP secret in database]

I've added the user 'mail' with the commands 'saslpasswd2 -c mail' and
'saslpasswd2 -n mail':

mchphost:/opt/iexpress/cyrussasl/sbin# ./sasldblistusers2
mail at mchphost: userPassword
mail at mchphost: cmusaslsecretOTP

I've tested the authentication options (-a) getpwent and pam with
saslauthd. The option shadow is not provided by our package.

The imapd.conf:

servername: mchphost
configdirectory: /imap/config
partition-default: /imap/mailbox
admins: cyrus
allowanonymouslogin: no
timeout: 30
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: pwcheck
tls_cert_file: /imap/config/cert/server.pem
tls_key_file: /imap/config/cert/server.pem

We have no saslauthd.conf. The HP-UX package did not created one.

Hopefully anyone could help us. Thank you in advance.

Kind regards,

Claus Malter

More information about the Cyrus-sasl mailing list