SASL auth failing in 2 of 6 imtest cases. why?
OpenMacNews
openmacnews at speakeasy.net
Fri Oct 7 16:38:26 EDT 2005
hi all,
i'm having a problem with SASL AUTH, using cyrus-imap's "imtest".
in summary, i've created two users in sasldb2.
testing imtest connection to each, imtest AUTH fails in 2 of 6 cases:
(1) OK: from LOCALHOST box on LOCALHOST svr intfc, as user1
(2) OK: from LOCALHOST box on LOCALHOST svr intfc, as user2
(3) OK: from LOCALHOST box on LOCALHOST svr intfc, proxy user2 w/ user1 AUTH creds
(4) FAIL: from EXTERNAL box on EXTERNAL svr intfc, as user1
(5) OK: from EXTERNAL box on EXTERNAL svr intfc, as user2
(6) FAIL: from EXTERNAL box on EXTERNAL svr intfc, proxy user2 w/ user1 AUTH creds
the simple question is, why do (4) & (6) FAIL?
thx for any help!
richard
details follow HERE:
========================================
my install is:
name : Cyrus IMAPD
version : v2.2.12 2005/02/14 16:43:51
vendor : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os : Darwin
os-version : 8.2.0
environment: Built w/Cyrus SASL 2.1.22
Running w/Cyrus SASL 2.1.22
Built w/Sleepycat Software: Berkeley DB 4.3.28: (July 20, 2005)
Running w/Sleepycat Software: Berkeley DB 4.3.28: (July 20, 2005)
Built w/OpenSSL 0.9.7g 11 Apr 2005
Running w/OpenSSL 0.9.7g 11 Apr 2005
CMU Sieve 2.2
mmap = shared
lock = fcntl
nonblock = fcntl
auth = unix
idle = idled
on
Darwin devbox 8.2.0 Darwin Kernel Version 8.2.0: Fri Jun 24 17:46:54 PDT 2005;
root:xnu-792.2.4.obj~3/RELEASE_PPC Power Macintosh powerpc
and, my imapd.conf includes:
admins: my.admin
sasl_minimum_layer: 0
allowplaintext: no
sasl_mech_list: PLAIN
virtdomains: on
defaultdomain: mail.testdomain.com
servername: mail.testdomain.com
loginrealms: localhost mail.testdomain.com
first, i construct my userDB:
rm USERS/sasldb2
# create user(1) in top level, for realm = mail.testdomain.com
saslpasswd2 -f USERS/sasldb2 -c -u mail.testdomain.com my.admin
# create user(2) in virtual domain, for realm = mail.testdomain.com
saslpasswd2 -f USERS/sasldb2 -c -u mail.testdomain.com my.user@testdomain.com
# verify existence of users
sasldblistusers2 -f USERS/sasldb2
my.admin@mail.testdomain.com: userPassword
my.user@testdomain.com: userPassword
next i check each user's login with imtest:
(1) SUCCEED
from LOCALHOST box on LOCALHOST intfc, as user(1)
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.admin@mail.testdomain.com \
-u my.admin@mail.testdomain.com \
-r mail.testdomain.com \
localhost
log: -->
login: localhost [127.0.0.1] my.admin@mail.testdomain.com PLAIN+TLS User logged in
console: -->
S: A01 OK Success (tls protection)
Authenticated.
is OK.
(2) SUCCEED
from LOCALHOST box on LOCALHOST intfc, as user(2)
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.user@testdomain.com \
-u my.user@testdomain.com \
-r mail.testdomain.com \
localhost
log: -->
login: localhost [127.0.0.1] my.user@testdomain.com PLAIN+TLS User logged in
console: -->
S: A01 OK Success (tls protection)
Authenticated.
is OK.
(3) SUCCEED
from LOCALHOST box on LOCALHOST intfc, proxy as user(2) w/ user(1) AUTH creds
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.admin@mail.testdomain.com \
-u my.user@testdomain.com \
-r mail.testdomain.com \
localhost
log: -->
login: localhost [127.0.0.1] my.user@testdomain.com PLAIN+TLS User logged in
console: -->
S: A01 OK Success (tls protection)
Authenticated.
(4) FAIL
from EXTERNAL box on EXTERNAL intfc, as user(1)
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.admin@mail.testdomain.com \
-u my.admin@mail.testdomain.com \
-r mail.testdomain.com \
mail.testdomain.com
log: -->
badlogin: pb1.testdomain.com [10.0.0.6] PLAIN [SASL(-13): user not found: Password verification failed]
console: -->
S: A01 NO user not found
Authentication failed. generic failure
(5) SUCCEED
from EXTERNAL box on EXTERNAL intfc, as user(2)
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.user@testdomain.com \
-u my.user@testdomain.com \
-r mail.testdomain.com \
mail.testdomain.com
log: -->
login: pb1.testdomain.com [10.0.0.6] my.user@testdomain.com PLAIN+TLS User logged in
console: -->
S: A01 OK Success (tls protection)
Authenticated.
(6) FAIL
from EXTERNAL box on EXTERNAL intfc, proxy user(2) w/ user(1) AUTH creds
imtest -v \
-t "CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
-p imap \
-m plain \
-a my.admin@mail.testdomain.com \
-u my.user@testdomain.com \
-r mail.testdomain.com \
mail.testdomain.com
log: -->
badlogin: tiedgar.presence-group.net [172.30.11.6] PLAIN [SASL(-13): user not found: Password verification failed]
console: -->
S: A01 NO user not found
Authentication failed. generic failure