cyradm authentication error
kewilliams
kewilliams at dreamhousefund.com
Thu Feb 27 12:10:50 EST 2003
Robert thanks for the help,
After changing the imapd.conf file as you directed (and rebooting to make sure the changes took affect), I still got the error when running "cyradm --user cyrus localhost." I noticed in my auth.log file that the following messages occurred when trying to log in:
Feb 27 08:52:56 web01 perl: No worthy mechs found
I'm not sure what this means, but upon looking up this message in the archive I was told to use cyradm --user cyrus -auth login localhost. This DID work. I'm ASSUMING this means I am trying to login in via plaintext instead of DIGEST-MD5. (I have no clue why it won't work via DIGEST-MD5). I was able to create a mailbox in my cyradm tool, but still got the following messages in my imapd.conf file:
Feb 27 08:56:03 web01 imapd[1229]: accepted connection
Feb 27 08:56:48 web01 imapd[1229]: badlogin: web01[127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required]
Feb 27 08:57:00 web01 imapd[1229]: badlogin: web01[127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed
Feb 27 08:57:10 web01 imapd[1229]: accepted connection
Feb 27 08:57:14 web01 imapd[1229]: login: web01[127.0.0.1] cyrus plaintext.
Why am I getting these error messages? And as a newbie, I am COMPLETELY confused as to the differences between auxprop, saslauthd, login, and plain (those are the ones I have found so far...), and how they all relate regarding sasl2. Does anyone know why I am getting these messages in my log files (specifically "no worthy mechs found" in my auth log, and "badlogin: web01[127.0.0.1] PLAIN..." in my imapd.log).
Also, is there any *good* documentation out there explaining the differences between these login mechanisms, and how they all relate? I'd love to buy a good book on all this stuff!
Thanks in advance,
Kevin Williams
---------- Original Message ----------------------------------
From: Robert Urban <urban at UNIX-Beratung.de>
Date: Thu, 27 Feb 2003 13:23:15 +0100
>
>Kevin Williams wrote:
>> My imapd.conf file looks as follows:
>>
>> configdirectory: /var/imap
>> partition-default: /var/spool/imap
>> admins: cyrus root
>> sasl_pwcheck_method: saslauthd
>>
>> I can successfully authenticate using the imtest command. When I
>> tried to use cyradm, I originally got a "can't locat
>> Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think)
>> folders from the folder they were installed in (/user/local/lib
>> instead of /user/lib) to be included in the path. Now when I run
>> cyradm, the program just hangs and I get the following error in my
>> imapd.log file:
>>
>> badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure:
>> client response doesn't match what we generated].
>>
>> When I enter the sasldblistuser2 command, I get the following:
>> cyrus at web01: userPassword.
>
>I had this problem too. The answer is actually in the docs (install-auth),
>but it can take days before you find it :( The whole authentication
>business is pretty badly documented, IMHO.
>
>use
>
> sasl_pwcheck_method: auxprop
>
>in imapd.conf (which is the default) and both imtest and cyradm
>should used sasldb2.
>
>Rob Urban
>
>
More information about the Info-cyrus
mailing list