Simplest way to get imap authentication with sasldb working?

Dan White dwhite at olp.net
Mon Oct 19 17:28:34 EDT 2009


On 20/10/09 09:51 +1300, Raimund Eimann wrote:
>This is what I have in my imapd.conf:
>
>#sasl_pwcheck_method: saslauthd
>sasl_pwcheck_method: auxprop
>sasl_mech_list: PLAIN LOGIN
>
>As the first line is commented out, I guess all sasl_pwcheck_methods will
>be used as you described in your e-mail.

It looks like you have explicitly specified auxprop (only), in the second
line.

>raimund at callisto # imtest -u raimund callisto
>S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN
>AUTH=LOGIN SASL-IR] callisto Cyrus IMAP4 v2.3.11 server ready
>C: C01 CAPABILITY
>S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN
>SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
>NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
>THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
>IDLE X-NETSCAPE URLAUTH
>S: C01 OK Completed
>Please enter your password:
>C: A01 AUTHENTICATE PLAIN cmFpbXVuZEBjYWxsaXN0bwByb290AGJi

Note: including the authenticate string in your email now makes your
password publicly known. You should change it.

If I'm interpreting that string correctly, you are logging in with:

authentication name: root
authorization name: raimund at callisto

Try:

imtest -a raimund callisto

instead. Do 'imtest -h' for an explanation of the options.

Also, your authentication username must match the username you placed into
your /etc/sasldb file. If you place raimund into your sasldb file, but
attempt to authenticate as raimund at callisto, it will not work, unless
you're using virtual domains and have specified a default domain.

See your syslog (mail.log/auth.log) when your authentication fails. It
should show you which username it thinks you're logging in with.

-- 
Dan White
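
The point above about the AUTHENTICATE PLAIN string, as an added example that is not part of the original message: a SASL PLAIN response is only base64 over `[authzid] NUL authcid NUL passwd` (RFC 4616), so an imtest transcript should be redacted before it is posted. The function names and the sample credentials are constructed for illustration.

```python
import base64
import binascii
import re


def parse_sasl_plain(b64: str):
    """Decode a SASL PLAIN response (RFC 4616): [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base64") from exc
    parts = raw.split(b"\x00")
    # Exactly two NUL separators are required, and authcid must not be empty.
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a SASL PLAIN message")
    # UnicodeDecodeError is a ValueError subclass, so callers catch one type.
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


_AUTH_RE = re.compile(r"(AUTHENTICATE\s+PLAIN\s+)([A-Za-z0-9+/=]+)", re.IGNORECASE)


def redact_transcript(text: str) -> str:
    """Replace each PLAIN response with its identities only, never the password."""
    def _sub(match):
        try:
            authzid, authcid, _passwd = parse_sasl_plain(match.group(2))
        except ValueError:
            # Unparseable blob: still remove it rather than leave it in the log.
            return match.group(1) + "<redacted>"
        return f"{match.group(1)}<redacted authzid={authzid!r} authcid={authcid!r}>"
    return _AUTH_RE.sub(_sub, text)


# Constructed sample: authzid "alice@example.test", authcid "admin".
SAMPLE_B64 = base64.b64encode(b"alice@example.test\x00admin\x00s3cret").decode()
SAMPLE_LINE = f"C: A01 AUTHENTICATE PLAIN {SAMPLE_B64}"

if __name__ == "__main__":
    print(parse_sasl_plain(SAMPLE_B64)[:2])   # identities only
    print(redact_transcript(SAMPLE_LINE))
```

The redacted line still shows which authentication and authorization names were sent, which is what is needed to debug a mismatch against the sasldb entry.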

