SASL 2.1.24 RC1 - no mechanism available: security flags do not match required

Rosenbaum, Larry M. rosenbaumlm at ornl.gov
Wed Sep 16 14:09:38 EDT 2009 

I get the following when I try to run cyradm:

ornl71# cyradm localhost --tls
Password: (I enter the password here)
IMAP Password:  (I shouldn't get this prompt)

The log file shows the following entries:

Sep 16 11:43:55 ornl71 imap[7466]: [ID 921384 local6.debug] accepted connection
Sep 16 11:43:55 ornl71 imap[7466]: [ID 286863 local6.notice] imapd:Loading hard-coded DH parameters
Sep 16 11:43:55 ornl71 imap[7466]: [ID 277171 local6.error] TLS server engine: No CA file specified. Client side certs may not work
Sep 16 11:43:55 ornl71 imap[7466]: [ID 574029 local6.debug] SSL_accept() incomplete -> wait
Sep 16 11:43:56 ornl71 imap[7466]: [ID 867439 local6.debug] SSL_accept() succeeded -> done
Sep 16 11:43:56 ornl71 imap[7466]: [ID 379946 local6.notice] starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Sep 16 11:44:02 ornl71 imap[7466]: [ID 824502 local6.notice] badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required]
This doesn't happen with v2.1.22.

When I connect with Thunderbird, the log files also show that it takes two login attempts, although Thunderbird only prompts me once.

Sep 16 14:07:01 ornl71 imap[7600]: [ID 379946 local6.notice] starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Sep 16 14:07:05 ornl71 imap[7600]: [ID 824502 local6.notice] badlogin: rosenbaumlm42.ornl.gov [160.91.217.127] plain [SASL(-4): no mechanism available: security flags do not match required]
Sep 16 14:07:08 ornl71 imap[7600]: [ID 277583 local6.notice] login: rosenbaumlm42.ornl.gov [160.91.217.127] lmr plaintext+TLS User logged in

name       : Cyrus IMAPD
version    : v2.3.15 2009/09/09 12:35:48
vendor     : Project Cyrus
support-url: http://cyrusimap.web.cmu.edu
os         : SunOS
os-version : 5.9
environment: Built w/Cyrus SASL 2.1.24
             Running w/Cyrus SASL 2.1.24
             Built w/Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
             Running w/Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
             Built w/OpenSSL 0.9.8j 07 Jan 2009
             Running w/OpenSSL 0.9.8j 07 Jan 2009
             Built w/zlib 1.2.3
             Running w/zlib 1.2.3
             CMU Sieve 2.3
             mmap = shared
             lock = fcntl
             nonblock = fcntl
             idle = idled

I built Cyrus-SASL with the following config:

CC=gcc ./configure \
  --disable-cram \
  --disable-digest \
  --disable-otp \
  --disable-krb4 \
  --disable-gssapi \
  --disable-anon \
  --enable-plain \
  --with-dblib=none \
  --with-openssl=/usr/local/ssl \
  --with-saslauthd=/var/saslauthd


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20090916/829ded43/attachment.html

More information about the Cyrus-sasl mailing list