Problems with saslauthd on HP-UX in trusted system mode

Simon Matter simon.matter at ch.sauter-bc.com
Wed Nov 30 02:39:50 EST 2005


> Hello all,
>
> At work I've got the order to set up an IMAP server. Our operating
> system is HP-UX 11.11. We have installed a so-called iexpress package
> provided by HP. That package includes the imapd and the saslauthd with
> all of the libraries.
> Due to the fact that HP-UX is working in Trusted System Mode (Trusted
> Computer Base) we have some trouble with authenticating against the
> saslauthd. The imapd (master) process is running and connects to the
> saslauthd to authenticate the user. I've tested it at localhost with
> 'imtest':
>
> mchphost:/opt/iexpress/cyrussasl/sbin# imtest -u mail -a mail
> WARNING: no hostname supplied, assuming localhost
>
> S: * OK mchphost Cyrus IMAP4 v2.2.9 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> STARTTLS AUTH=OTP AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
> LISTEXT LIST-SUBSCRIBED
> S: C01 OK Completed
> Please enter your secret pass-phrase:
> C: A01 AUTHENTICATE OTP bWadpbArtYWef
> S: A01 NO user not found
> Authentication failed. generic failure
> Security strength factor: 0
>
> The error in the syslog:
>
> Nov 28 10:24:18 mchphost imap[23029]: badlogin: localhost [127.0.0.1]
> OTP [SASL(-13): user not found: no OTP secret in database]
>
> I've added the user 'mail' with the commands 'saslpasswd2 -c mail' and
> 'saslpasswd2 -n mail':
>
> mchphost:/opt/iexpress/cyrussasl/sbin# ./sasldblistusers2
> mail at mchphost: userPassword
> mail at mchphost: cmusaslsecretOTP
>
> I've tested the authentication options (-a) getpwent and pam with
> saslauthd. The option shadow is not provided by our package.
>
> The imapd.conf:
>
> servername: mchphost
> configdirectory: /imap/config
> partition-default: /imap/mailbox
> admins: cyrus
> allowanonymouslogin: no
> timeout: 30
> sasl_pwcheck_method: saslauthd
> #sasl_pwcheck_method: pwcheck
> tls_cert_file: /imap/config/cert/server.pem
> tls_key_file: /imap/config/cert/server.pem
>
> We have no saslauthd.conf. The HP-UX package did not create one.
>
> Hopefully someone can help us. Thank you in advance.

How do you want to authenticate users? If you do it via saslauthd -> PAM,
then you don't need any users in sasldb. Your imapd.conf suggests that you
want to use saslauthd, you may also want to put 'sasl_mech_list: PLAIN'
into imapd.conf. Then, you have to start saslauthd and also configure PAM
accordingly.
Your users in sasldb (added with saslpasswd2) are not used with this
config, that's why you get a user mail not found with imtest.

Simon


>
> Kind regards,
>
> Claus Malter
>
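
The mismatch described in the reply, as an added example that is not part of the original thread: a small checker that reads imapd.conf and a CAPABILITY line and reports mechanisms that never reach saslauthd. The function names are hypothetical, and the sample inputs are abridged from the post, with one constructed variant that adds the suggested `sasl_mech_list: PLAIN`.

```python
# Added example (not from the thread): flag SASL mechanisms saslauthd cannot serve.
# saslauthd only verifies plaintext passwords, so only PLAIN and LOGIN reach it;
# shared-secret mechanisms read per-user secrets through auxprop (sasldb) instead.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
SHARED_SECRET_MECHS = {"OTP", "CRAM-MD5", "DIGEST-MD5"}

# Abridged from the post above.
POSTED_CONF = "sasl_pwcheck_method: saslauthd\n#sasl_pwcheck_method: pwcheck\n"
POSTED_CAPABILITY = ("* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=OTP AUTH=GSSAPI "
                     "AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR")
# Constructed: the posted lines plus the option suggested in the reply.
FIXED_CONF = POSTED_CONF + "sasl_mech_list: PLAIN\n"

def parse_imapd_conf(text):
    """Return {option: value}, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def advertised_mechs(capability_line):
    """Mechanism names from the AUTH=... tokens of a CAPABILITY response."""
    return [t[5:].upper() for t in capability_line.split()
            if t.upper().startswith("AUTH=")]

def check(conf_text, capability_line):
    """List findings for a server whose passwords are meant to go to saslauthd."""
    conf = parse_imapd_conf(conf_text)
    if conf.get("sasl_pwcheck_method") != "saslauthd":
        return []
    findings = []
    mech_list = conf.get("sasl_mech_list")
    if mech_list is None:
        findings.append("sasl_mech_list: not set, clients may pick any listed mechanism")
        offered = advertised_mechs(capability_line)
    else:
        offered = mech_list.upper().split()
    for mech in offered:
        if mech in SHARED_SECRET_MECHS:
            findings.append(f"{mech}: verified against sasldb secrets, not saslauthd")
    if not PLAINTEXT_MECHS & set(offered):
        findings.append("PLAIN/LOGIN: not listed, so no listed mechanism uses saslauthd")
    return findings

if __name__ == "__main__":
    for finding in check(POSTED_CONF, POSTED_CAPABILITY):
        print(finding)
```

With `sasl_mech_list: PLAIN` the password crosses the connection in the clear, so clients should issue STARTTLS first; the server in the post already advertises it.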

