auth problems, cyrus not using my saslauthd/pam config

Steve Maring steve.maring at
Wed May 26 11:39:13 EDT 2010

I am on an Ubuntu 10.04 system with Cyrus 2.2.13 trying to get my imap
user's to auth again my mysql database.

I can do this:

# testsaslauthd -u smaring at -p xxxxxxxx -f
/var/spool/postfix/var/run/saslauthd/mux -s imap
0: OK "Success."

However, I never seem to be able to step up one level and authenticate
through imap:

# cyradm --user smaring at localhost
IMAP Password:
              Login failed: generic failure at
/usr/lib/perl5/Cyrus/IMAP/ line 119
cyradm: cannot authenticate to server as smaring at


# telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK server Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
01 LOGIN smaring at xxxxxxxx
01 NO Login failed: generic failure

when I try to authenticate through imap I never see an auth attempt
show up in /var/log/auth.log and I see this in syslog:

May 26 11:32:31 server cyrus/imap[2218]: accepted connection
May 26 11:32:47 server cyrus/imap[2218]: badlogin: localhost
[] plaintext smaring at SASL(-1): generic failure:
checkpass failed
May 26 11:34:02 server cyrus/master[1133]: process 2218 exited, status 0

my /etc/imapd.conf:

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
admins: smaring at
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
virtdomains: userid
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_cert_file: /etc/ssl/certs/smtpd.crt
tls_key_file: /etc/ssl/private/smtpd.key
tls_ca_file: /etc/ssl/certs/cacert.pem
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

my /etc/cyrusd.conf:

        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
        delprune        cmd="/usr/sbin/cyr_expire -E 3"
        tlsprune        cmd="/usr/sbin/tls_prune"
        imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0
        lmtpunix        cmd="lmtpd"
listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
        sieve           cmd="timsieved" listen="localhost:sieve"
prefork=0 maxchild=100
        notify          cmd="notifyd"
listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401
        tlsprune        cmd="/usr/sbin/tls_prune" at=0401

my /etc/pam.d/imap has only:

auth sufficient ...
account required ...

my /etc/default/saslauthd:

DESC="SASL Authentication Daemon"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"

Many thanks for any thoughts,
Steve Maring
Tampa, FL

More information about the Cyrus-sasl mailing list