saslauthd against courier-imap server results in "Unexpected response from remote authentication server"
Oguz Yilmaz
oguzyilmazlist at gmail.com
Wed Apr 28 04:14:56 EDT 2010
What can be the problem ? It works on 2.1.15 and not works on 2.1.22
and 2.1.24rc.
Are there anybody to show a way?
I have tried to compile 2.1.15 rpm in EL5 wwith no success.
On Thu, Apr 22, 2010 at 9:26 AM, Oguz Yilmaz <oguzyilmazlist at gmail.com> wrote:
> Greeting of the imap server is:
>
> * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
> STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision,
> Inc. See COPYING for distribution information.
>
> Actually saslauthd give up after imap server has sent the "OK LOGIN
> Ok" message. It does not wait for the answer because of some error. At
> Redhat Bugzilla, there is similar problem with Dovecot. however the
> patch Lutz provided does not work with Courier IMAP.
> https://bugzilla.redhat.com/show_bug.cgi?id=582540
>
> Some Tcpdump output:
>
> 09:07:21.963576 IP 192.168.1.2.42412 > 12.12.12.12.143: P 1:58(57) ack
> 47 win 46 <nop,nop,timestamp 526135 408482924>
> q......b....."o..JGZ......<.....
> ...7.X.lsaslauthd LOGIN "test ....
>
> 09:07:22.435365 IP 12.12.12.12.143 > 192.168.1.2.42412: P 47:243(196)
> ack 1 win 33360 <nop,nop,timestamp 408483396 526134>
> E..... at .:.I...b.........JGZ."o.....P.......
> .X.D...6MESPACE THREAD=ORDEREDSUBJEC
>
> 09:07:22.435814 IP 192.168.1.2.42412 > 12.12.12.12.143: F 58:58(0) ack
> 243 win 54 <nop,nop,timestamp 526607 408483396>
> .......b....."o.GJGZ....63......
> .. ..X.D
>
> 09:07:22.534349 IP 12.12.12.12.143 > 192.168.1.2.42412: P 243:267(24)
> ack 58 win 33360 <nop,nop,timestamp 408483496 526135>
> E..L.. at .:.J...b.........JGZ."o.G...P.F.....
> .X.....7saslauthd OK LOGIN Ok.
>
> 09:07:22.534479 IP 192.168.1.2.42412 > 12.12.12.12.143: R
> 577750087:577750087(0) win 0
> E..(.. at .@.A.......b....."o.G....P...)...
>
>
> Some Strace Output:
>
> socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 8
> connect(8, {sa_family=AF_INET, sin_port=htons(143),
> sin_addr=inet_addr("12.12.12.12")}, 16) = 0
> rt_sigaction(SIGALRM, {0x804b6a0, [ALRM], SA_RESTART}, {0x1, [], 0}, 8) = 0
> rt_sigaction(SIGPIPE, {0x804b6a0, [PIPE], SA_RESTART}, {0x1, [], 0}, 8) = 0
> alarm(30) = 0
> read(8, "* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NA", 1000) = 46
> alarm(0) = 30
> alarm(30) = 0
> writev(8, [{"saslauthd LOGIN ", 16}, {"\"test\"", 30}, {" ", 1},
> {"\"test\"", 8}, {"\r\n", 2}], 5) = 57
> alarm(0) = 30
> alarm(30) = 0
> read(8, "MESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA
> IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005
> Double Precision, Inc. See COPYING for distribution
> information.\r\n", 1000) = 196
> alarm(0) = 30
> close(8) = 0
> time(NULL) = 1271917242
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> send(3, "<36>Apr 22 09:20:42 saslauthd[13399]: auth_rimap: unexpected
> response to auth request: MESPACE THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS]
> Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See
> COPYING for distribution information.\0", 282, MSG_NOSIGNAL) = 282
> time(NULL) = 1271917242
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2721, ...}) = 0
> send(3, "<38>Apr 22 09:20:42 saslauthd[13399]: do_auth : auth
> failure: [user=test] [service=smtp] [realm=] [mech=rimap]
> [reason=[ALERT] Unexpected response from remote authentication
> server]\0", 214, MSG_NOSIGNAL) = 214
> write(7, "\0@", 2) = 2
> write(7, "NO [ALERT] Unexpected response from remote authentication
> server", 64) = 64
> close(7) = 0
> fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}) = 0
> accept(5,
>
>
>
>
>
> On Thu, Apr 22, 2010 at 1:37 AM, Dan White <dwhite at olp.net> wrote:
>> On 21/04/10 11:02 +0300, Oguz Yilmaz wrote:
>>>
>>> My test was with RHEL 5.4 saslauthd 2.1.22-5.el5 against Courier-IMAP
>>> server 3.0.8.
>>>
>>> Apr 21 10:36:47 2010 saslauthd[23061]: auth_rimap: unexpected response to
>>> auth
>>> request: MESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE
>>> ACL
>>> ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double
>>> Precision,
>>> Inc. See COPYING for distribution information.
>>>
>>> Apr 21 10:36:47 2010 saslauthd[23061]: do_auth : auth failure:
>>> [user=test] [service=smtp] [realm=] [mech=rimap] [reason=[ALERT]
>>> Unexpected
>>> response from remote authentication server]
>>>
>>> Another point: Another server with RHEL 3.4 with cyrus-sasl-2.1.15-10 is
>>> working without any error.
>>
>> Oguz,
>>
>> Can you provide a complete capabilities output that the remote server is
>> providing (The initial greeting you see when you telnet to port 143)?
>>
>> The 'unexpected response to auth request' seems to occur after saslauthd
>> has believed that it has received the initial greeting, has sent the 'login
>> user pass', and is expecting to receive an OK/NO.
>>
>> If saslauthd and the imap server happen to be on the same host (and you
>> don't otherwise need to use saslauthd), you could use 'pwcheck_method:
>> authdaemond', instead. If you do, you'll need to also provide
>> an authdaemond_path parameter.
>>
>> --
>> Dan White
>>
>
More information about the Cyrus-sasl
mailing list