Problems running CyrAdm

Nikola Milutinovic Nikola.Milutinovic at ev.co.yu
Fri Apr 18 06:22:12 EDT 2003 

Patrick Welche wrote:
> On Thu, Apr 17, 2003 at 07:46:17AM +0200, Nikola Milutinovic wrote:
> ...
> 
>>QUESTIONS
>>---------
>>
>>While I can accept that maybe Perl 5.8.0-MT is buggy (I've ran all the 
>>tests, but I cannot guarantee),
> 
> 
> You can take perl out of the list of possibilities by using imtest instead
> of cyradm...

> ... so then you can check which mechanisms are used, in other words check
> the syntax of /etc/imapd.conf, using imtest, possibly with the
> [ -m mechanism ] flag.

Now a bit of strangeness:
-----------------------------------------------------------------------------
# ./imtest -u root -v -m plain localhost
S: * OK Legba.ev.co.yu Cyrus IMAP4 v2.1.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=GSSAPI AUTH=OTP 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0

. LOGIN root root00
. OK User logged in
-----------------------------------------------------------------------------

So, the user/pass that I'm storing in sasl2.db is OK and recognized by the 
server, but "PLAIN" isn't advertised. Is "LOGIN" command of IMAP (the one I used 
to login) the same as "AUTHENTICATE PLAIN"? I know there are "PLAIN" (as being 
plaintext login) and "LOGIN" (unsupported Microsoft propriatery method) methods. 
What exactly is going on here?

Also, trying from "cyradm" on Perl-5.6.1 (as suggested by Kevin Williams 
<kwilliams at equiscape.com>) and explicitely choosing "PLAIN" mechanism:

-----------------------------------------------------------------------------
# ./cyradm --user=root --auth=plain legba.ev.co.yu
Password:
IMAP Password:

legba.ev.co.yu>
-----------------------------------------------------------------------------

In both cases, this is what I see in the logs:

Apr 18 12:05:54 Legba imapd[21104]: badlogin: localhost[127.0.0.1]
PLAIN [SASL(-4): no mechanism available: security flags do not match required]
Apr 18 12:06:29 Legba imapd[21104]: login: localhost[127.0.0.1] root plaintext

Apr 18 12:08:53 Legba imapd[22096]: badlogin: Uprava.ev.co.yu[192.168.61.11] 
PLAIN [SASL(-4): no mechanism available: security flags do not match required]
Apr 18 12:09:02 Legba imapd[22096]: login: Uprava.ev.co.yu[192.168.61.11] root 
plaintext

This is a snippet from my imapd.conf, regarding authentication:

-----------------------------------------------------------------------------
admins:                 root cyrus
loginuseacl:            no

allowanonymouslogin:    no
allowplaintext:         yes
plaintextloginpause:    10
sasl_maximum_layer:     256
sasl_minimum_layer:     0
sasl_auto_transition:   no
sasl_pwcheck_method:    auxprop
-----------------------------------------------------------------------------

So, any idea?

More information about the Info-cyrus mailing list