Cyrus IMAPd v2.1.15 / SASLv2 v2.1.15 fails
Marc-Christian Petersen
m.c.p at gmx.net
Fri Aug 29 05:12:14 EDT 2003
On Friday 29 August 2003 07:51, Nikola Milutinovic wrote:
Hi Nikola,
> Why BOTH pwcheck and saslauthd?
good question ;) ... I tried almost everything to get this working the way I
want. Normally I don't enable this.
> Strange. Why is it NOT showing "GSSAPI" (Kerberos 5)?
I don't have Kerberos headers installed, so I assume the configure script did
not detect it, so ... :)
> Anyway, this could easily be caused by "Minimum SSF" setting in the config
> file. "PLAIN" and "LOGIN" are just unsecure methods, doing no encryption
> and, thus, their SSF (Security Strength Factor) is 0. It could be that your
> IMAP server is simply refusing to list and accept those mechs. Try the same
> thing over TLS:
> ./imtest -u mcp -a mcp -m login -v -t ""
I tried to set SSF to 0, no change. Yes, and the above works if I use it over TLS.
I enabled this this night, after I wrote my mail to the list.
Anyway, I cannot use CRAM-MD5 :(
Aug 29 11:08:42 codeman imapd[2718]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Aug 29 11:08:44 codeman imapd[2718]: no secret in database
Aug 29 11:08:44 codeman imapd[2718]: badlogin: localhost[127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database]
The user has an entry in sasldb2, but only userPassword.
> Is "saslauthd" running?
yes. Anyway, it seems the compilation went nuts. After my $X compilation,
imapd is able to connect to saslauthd socket.
> "saslauthd" and "*-MD5" methods are incompatible, unless they will use
> sasldb. MD5 methods MUST have access to locally stored shared secret
> (password). At this time it can be in sasldb only (no MySQL).
yes, but the problem is, I cannot use anything higher than PLAIN/LOGIN. Always
this error:
Aug 29 11:08:42 codeman imapd[2718]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Aug 29 11:08:44 codeman imapd[2718]: no secret in database
Aug 29 11:08:44 codeman imapd[2718]: badlogin: localhost[127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database]
--
ciao, Marc