Trouble with Cyrus IMAP on FreeBSD
Darren Joy
darrenj at joy.org.uk
Tue Dec 24 05:49:00 EST 2002
Ok, we have progress! And new errors.
Firstly, thanks to Hajimu UMEMOTO for pointing out the hosts.allow entries
are "pop3" and "imap" and not "pop3d" and "imapd" as they used to (and
should) be....grr
Now, my problem is with authentication, details :
As before, I can add to sasldb without problem using saslpasswd, and list
the users from it with sasldblistusers, see :
user: admin realm: myhost.mydomain.com mech: PLAIN-APOP
user: admin realm: myhost.mydomain.com mech: DIGEST-MD5
user: admin realm: myhost.mydomain.com mech: PLAIN
user: admin realm: myhost.mydomain.com mech: CRAM-MD5
permissions on sasldb are :
-rw-r----- 1 cyrus mail 49152 Dec 24 02:14 /usr/local/etc/sasldb
Now, when I try to run cyradm, it won't authenticate, giving two different
errors depending on the method used :
# cyradm --user admin --auth PLAIN --server localhost
Please enter your password:
IMAP Password:
Login failed: NO PAM auth error at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Cyrus/IMAP/Admin.pm line 78
cyradm: cannot authenticate to server with PLAIN as admin
same with PLAIN-APOP, and the following in logs :
Dec 24 02:05:18 host saslauthd[22572]: AUTHFAIL: admin [PAM auth error]
which leads me to believe I am missing correct POP/IMAP entries in
/etc/pam.conf, but I am at a loss as to what these should be.
or :
# cyradm --user admin --auth CRAM-MD5 --server localhost
Please enter your password:
cyradm: cannot authenticate to server with CRAM-MD5 as admin
same with DIGEST-MD5. These produce the following in the logs :
Dec 24 02:13:58 host imapd[22577]: badlogin: localhost[127.0.0.1]
CRAM-MD5 authentication failure [no secret in database]
This is more worrying as this is the method I want to be ( and am
currently ) using.
My sasl_pwcheck_method is saslauthd, I get identical results from MD5
methods when sasl_pwcheck_method is set to sasldb, and PLAIN methods
result in "no mechanism available" in logs.
Clearly I need some PAM entries, but as for the MD5 methods? Something
wrong with SASL?
Any ideas appreciated.
--
Darren Joy
More information about the Info-cyrus
mailing list