saslauthd against courier-imap server results in "Unexpected response from remote authentication server"
Oguz Yilmaz
oguzyilmazlist at gmail.com
Thu Apr 22 02:26:30 EDT 2010
Greeting of the imap server is:
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision,
Inc. See COPYING for distribution information.
Actually saslauthd give up after imap server has sent the "OK LOGIN
Ok" message. It does not wait for the answer because of some error. At
Redhat Bugzilla, there is similar problem with Dovecot. however the
patch Lutz provided does not work with Courier IMAP.
https://bugzilla.redhat.com/show_bug.cgi?id=582540
Some Tcpdump output:
09:07:21.963576 IP 192.168.1.2.42412 > 12.12.12.12.143: P 1:58(57) ack
47 win 46 <nop,nop,timestamp 526135 408482924>
q......b....."o..JGZ......<.....
...7.X.lsaslauthd LOGIN "test ....
09:07:22.435365 IP 12.12.12.12.143 > 192.168.1.2.42412: P 47:243(196)
ack 1 win 33360 <nop,nop,timestamp 408483396 526134>
E..... at .:.I...b.........JGZ."o.....P.......
.X.D...6MESPACE THREAD=ORDEREDSUBJEC
09:07:22.435814 IP 192.168.1.2.42412 > 12.12.12.12.143: F 58:58(0) ack
243 win 54 <nop,nop,timestamp 526607 408483396>
.......b....."o.GJGZ....63......
.. ..X.D
09:07:22.534349 IP 12.12.12.12.143 > 192.168.1.2.42412: P 243:267(24)
ack 58 win 33360 <nop,nop,timestamp 408483496 526135>
E..L.. at .:.J...b.........JGZ."o.G...P.F.....
.X.....7saslauthd OK LOGIN Ok.
09:07:22.534479 IP 192.168.1.2.42412 > 12.12.12.12.143: R
577750087:577750087(0) win 0
E..(.. at .@.A.......b....."o.G....P...)...
Some Strace Output:
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 8
connect(8, {sa_family=AF_INET, sin_port=htons(143),
sin_addr=inet_addr("12.12.12.12")}, 16) = 0
rt_sigaction(SIGALRM, {0x804b6a0, [ALRM], SA_RESTART}, {0x1, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x804b6a0, [PIPE], SA_RESTART}, {0x1, [], 0}, 8) = 0
alarm(30) = 0
read(8, "* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NA", 1000) = 46
alarm(0) = 30
alarm(30) = 0
writev(8, [{"saslauthd LOGIN ", 16}, {"\"test\"", 30}, {" ", 1},
{"\"test\"", 8}, {"\r\n", 2}], 5) = 57
alarm(0) = 30
alarm(30) = 0
read(8, "MESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA
IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005
Double Precision, Inc. See COPYING for distribution
information.\r\n", 1000) = 196
alarm(0) = 30
close(8) = 0
time(NULL) = 1271917242
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
send(3, "<36>Apr 22 09:20:42 saslauthd[13399]: auth_rimap: unexpected
response to auth request: MESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS]
Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See
COPYING for distribution information.\0", 282, MSG_NOSIGNAL) = 282
time(NULL) = 1271917242
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
send(3, "<38>Apr 22 09:20:42 saslauthd[13399]: do_auth : auth
failure: [user=test] [service=smtp] [realm=] [mech=rimap]
[reason=[ALERT] Unexpected response from remote authentication
server]\0", 214, MSG_NOSIGNAL) = 214
write(7, "\0@", 2) = 2
write(7, "NO [ALERT] Unexpected response from remote authentication
server", 64) = 64
close(7) = 0
fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}) = 0
accept(5,
On Thu, Apr 22, 2010 at 1:37 AM, Dan White <dwhite at olp.net> wrote:
> On 21/04/10 11:02 +0300, Oguz Yilmaz wrote:
>>
>> My test was with RHEL 5.4 saslauthd 2.1.22-5.el5 against Courier-IMAP
>> server 3.0.8.
>>
>> Apr 21 10:36:47 2010 saslauthd[23061]: auth_rimap: unexpected response to
>> auth
>> request: MESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE
>> ACL
>> ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double
>> Precision,
>> Inc. See COPYING for distribution information.
>>
>> Apr 21 10:36:47 2010 saslauthd[23061]: do_auth : auth failure:
>> [user=test] [service=smtp] [realm=] [mech=rimap] [reason=[ALERT]
>> Unexpected
>> response from remote authentication server]
>>
>> Another point: Another server with RHEL 3.4 with cyrus-sasl-2.1.15-10 is
>> working without any error.
>
> Oguz,
>
> Can you provide a complete capabilities output that the remote server is
> providing (The initial greeting you see when you telnet to port 143)?
>
> The 'unexpected response to auth request' seems to occur after saslauthd
> has believed that it has received the initial greeting, has sent the 'login
> user pass', and is expecting to receive an OK/NO.
>
> If saslauthd and the imap server happen to be on the same host (and you
> don't otherwise need to use saslauthd), you could use 'pwcheck_method:
> authdaemond', instead. If you do, you'll need to also provide
> an authdaemond_path parameter.
>
> --
> Dan White
>
More information about the Cyrus-sasl
mailing list