Cyrus-IMAP: trouble with servername and plain authentication

T T quiet.ordinary.man at gmail.com
Mon Feb 6 09:01:19 EST 2012


Hello List,

I've set up a cyrus-imap server on a virtual machine. Initially, I've
configured it to authenticate using GSSAPI/Kerberos V. Worked fine.
Then, as the "real" end-users are not "Kerberised", I've decided to to
switch for simple auxprop/sasldb authentication for the time being.

The first idea was to set up two mechanisms, so that a "kerberised"
user can enjoy SSO, and the rest would use login/password. My
/etc/imapd.conf is below. It didn't work, so I've limited the
mechanisms to auxprop only, stopped the saslauthd, and tried again. It
didn't work. The telnet sessions:

root at mail:~# telnet mail.example.com 143
Trying 172.16.3.9...
Connected to mail.example.com.
Escape character is '^]'.
* OK mail.example.com Cyrus IMAP4 v2.2.13-Debian-2.2.13-19+squeeze3 server ready
01 login tom ********
01 NO Login failed: generic failure

root at mail:~# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK mail.example.com Cyrus IMAP4 v2.2.13-Debian-2.2.13-19+squeeze3 server ready
01 login tom ********
01 NO Login failed: generic failure

Then I've commented out servername: mail.example.com, and then the
simple authentication started to work.

I'm obviously missing something elementary here, but I'm out of my
wits. My questions are:

1. Is it possible to set up BOTH GSSAPI and sasldb authentication
working at the same time, and if yes, then how?
2. Why just specifying a hosts FQDN plain login stops working?

The /etc/imapd.conf

sasl_keytab: /etc/imap.keytab
servername: mail.example.com
loginrealms: EXAMPLE.COM
configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: yes
unixhierarchysep: yes
lmtp_downcase_rcpt: yes
admins: cyrus
imap_admins: cyrus
sieve_admins: cyrus
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
sasl_auto_transition: no
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/spool/postfix/public/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

Thanks in advance!

Toomas


More information about the Cyrus-sasl mailing list