POP3 authentication problem. Please Help.

Ken Murchison ken at oceana.com
Tue Oct 1 20:43:16 EDT 2002


Quoting Ken Murchison <ken at oceana.com>:

> 
> 
> Sergey Merkuriev wrote:
> > 
> > Hello All,
> > 
> > Have trouble with POP3 it not work properly. I have two users: user1 and
> > user2. The user1 have imap account and can login into IMAP server but
> can't
> > login into POP3 server and user2 cant login into POP3 server. The files
> > user1 and user2 exists in the directory /var/spool/email. There is log
> > strange records from pop3d.
> > 
> > Have IMAP and POP3 Server.
> > 
> > /usr/local/sbin/saslauthd -a shadow
> > 
> > imap.conf
> > 
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: cyrus root
> > srvtab: /var/imap/srvtab
> > sievedir: /var/sieve
> > allowanonymouslogin: no
> > sasl_pwcheck_method: saslauthd
> > allowplaintext: yes
> > 
> > cyrus.conf
> > ...
> > imap          cmd="imapd" listen="imap" prefork=0
> > pop3          cmd="pop3d" listen="pop3" prefork=0
> > 
> > auth.log:
> > ....
> > Oct  1 22:38:16 abtweb pop3d[29440]: could not find auxprop plugin, was
> > searching for '[all]'
> > Oct  1 22:38:16 abtweb pop3d[29440]: could not find password
> > 
> > ./pop3test -u user2 localhost
> > 
> > S: +OK abtweb Cyrus POP3 v2.1.9 server ready
> <2878525666.1033498506 at abtweb>
> > C: CAPA
> > S: +OK List of capabilities follows
> > S: EXPIRE NEVER
> > S: LOGIN-DELAY 0
> > S: TOP
> > S: UIDL
> > S: PIPELINING
> > S: RESP-CODES
> > S: AUTH-RESP-CODE
> > S: USER
> > S: IMPLEMENTATION Cyrus POP3 server v2.1.9
> > S: .
> > Please enter your password:
> > C: APOP root 8cec702222679eae661ac964b834e1d8
> > S: -ERR [AUTH] authenticating: another step is needed in authentication
> > Authentication failed. generic failure
> > Security strength factor: 0
> 
> Try:
> 
> ./pop3test -u user2 -m user localhost
> 
> The fact that pop3d is advertising APOP (with a challenge in the banner)
> without auxprop being available is a bug.  I'll look into it.

After thinking about this some more, this isn't a bug at all (perhaps the error 
is misleading however).  Any time that a client/server tries to use a 
non-plaintext mechanism (APOP, CRAM-MD5, etc), the mechanism will try to lookup 
the password in sasldb2.

Unfortunately for you, pop3test always tries to use the strongest mechanism 
advertised by the server, so it tried APOP.

You can disable APOP when you compile SASL, but perhaps we need a runtime 
configure option as well.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp




More information about the Info-cyrus mailing list