cyradm authentication error

kewilliams kewilliams at dreamhousefund.com
Thu Feb 27 12:10:50 EST 2003 

Robert thanks for the help,

After changing the imapd.conf file as you directed (and rebooting to make sure the changes took affect), I still got the error when running "cyradm --user cyrus localhost."  I noticed in my auth.log file that the following messages occurred when trying to log in:

Feb 27 08:52:56 web01 perl: No worthy mechs found

I'm not sure what this means, but upon looking up this message in the archive I was told to use cyradm --user cyrus -auth login localhost.  This DID work.  I'm ASSUMING this means I am trying to login in via plaintext instead of DIGEST-MD5.  (I have no clue why it won't work via DIGEST-MD5).  I was able to create a mailbox in my cyradm tool, but still got the following messages in my imapd.conf file:

Feb 27 08:56:03 web01 imapd[1229]: accepted connection
Feb 27 08:56:48 web01 imapd[1229]: badlogin: web01[127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required]
Feb 27 08:57:00 web01 imapd[1229]: badlogin: web01[127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed
Feb 27 08:57:10 web01 imapd[1229]: accepted connection
Feb 27 08:57:14 web01 imapd[1229]: login: web01[127.0.0.1] cyrus plaintext.

Why am I getting these error messages?  And as a newbie, I am COMPLETELY confused as to the differences between auxprop, saslauthd, login, and plain (those are the ones I have found so far...), and how they all relate regarding sasl2.  Does anyone know why I am getting these messages in my log files (specifically "no worthy mechs found" in my auth log, and "badlogin: web01[127.0.0.1] PLAIN..." in my imapd.log).

Also, is there any *good* documentation out there explaining the differences between these login mechanisms, and how they all relate?  I'd love to buy a good book on all this stuff!

Thanks in advance,

Kevin Williams

---------- Original Message ----------------------------------
From: Robert Urban <urban at UNIX-Beratung.de>
Date:  Thu, 27 Feb 2003 13:23:15 +0100

>
>Kevin Williams wrote:
>> My imapd.conf file looks as follows:
>> 
>> configdirectory: /var/imap
>> partition-default: /var/spool/imap
>> admins: cyrus root
>> sasl_pwcheck_method: saslauthd
>>
>> I can successfully authenticate using the imtest command.  When I
>> tried to use cyradm, I originally got a "can't locat
>> Cyrus/IMAP/Shell.pm in @INC.  I moved all necessary (I think)
>> folders from the folder they were installed in (/user/local/lib
>> instead of /user/lib) to be included in the path.  Now when I run
>> cyradm, the program just hangs and I get the following error in my
>> imapd.log file:
>> 
>> badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure:
>> client response doesn't match what we generated].
>> 
>> When I enter the sasldblistuser2 command, I get the following:
>> cyrus at web01: userPassword.
>
>I had this problem too.  The answer is actually in the docs (install-auth),
>but it can take days before you find it :(  The whole authentication
>business is pretty badly documented, IMHO.
>
>use
>
>	sasl_pwcheck_method: auxprop
>
>in imapd.conf (which is the default) and both imtest and cyradm
>should used sasldb2.
>
>Rob Urban
>
>

More information about the Info-cyrus mailing list