cyrus-imapd 2.2.1 beta - auth problem

Simon Matter simon.matter at ch.sauter-bc.com
Fri Jul 25 11:49:04 EDT 2003 

Well, I have now played again with 2.2.1-BETA for some hours now and I
still don't understand where it comes from.

I have tested on RedHat 7.2 and RedHat 9, with cyrus-sasl-2.1.10 and
cyrus-sasl-2.1.15.
Since I'm only installing from rpm, the behaviour is fully reproducable
and I'm sure there are no configuration errors :)

There is something going on in 2.2.1 which I have never seen before and
I'm 100% sure it's not the SASL part here. saslauthd is always started
with '/usr/sbin/saslauthd -m /var/run/saslauthd/mux -a pam', so we're
using PAM here. (As I noted before, the problem goes away when using
pwcheck).

Another interesting detail is that, if I installed cyrus-sasl-2.1.15 and
authentication works, I can downgrade to cyrus-sasl-2.1.10 (and restarting
saslauthd of course) and cyrus-imapd keeps authenticating successfully
until I restart master.

Any ideas?

Simon

Here we go:
====================================================================

[root at dhcp-141-104 root]# rpm -q cyrus-sasl
cyrus-sasl-2.1.10-3

[root at dhcp-141-104 root]# service saslauthd restart
Stopping saslauthd:                                        [  OK  ]
Starting saslauthd:                                        [  OK  ]

[root at dhcp-141-104 root]# service cyrus-imapd restart
Shutting down cyrus-imapd:                                 [  OK  ]
Starting cyrus-imapd: converting db files... done.         [  OK  ]

[root at dhcp-141-104 root]# cyradm --user cyrus --auth login localhost
IMAP Password:
              Login failed: can't request info until later in exchange at
/usr/lib/perl5/site_perl/5.6.1/i386-linux/Cyrus/IMAP/Admin.pm
line 118
cyradm: cannot authenticate to server with login as cyrus

[root at dhcp-141-104 root]# rpm -Fvh
/mnt/nfs/Linux/Invoca/Packages/Cyrus-sasl/cyrus-sasl-*2.1.15-1.i386.rpm
Preparing...                ###########################################
[100%]
   1:cyrus-sasl             ########################################### [
20%]
   2:cyrus-sasl-devel       ########################################### [
40%]
   3:cyrus-sasl-gssapi      ########################################### [
60%]
   4:cyrus-sasl-md5         ########################################### [
80%]
   5:cyrus-sasl-plain       ###########################################
[100%]

[root at dhcp-141-104 root]# service saslauthd restart
Stopping saslauthd:                                        [  OK  ]
Starting saslauthd:                                        [  OK  ]

[root at dhcp-141-104 root]# service cyrus-imapd restart
Shutting down cyrus-imapd:                                 [  OK  ]
Starting cyrus-imapd: converting db files... done.         [  OK  ]

[root at dhcp-141-104 root]# cyradm --user cyrus --auth login localhost
IMAP Password:
              localhost.localdomain> ver
name       : Cyrus IMAPD
version    : v2.2.1-BETA-Invoca-RPM-2.2.1-1 2003/07/16 21:18:54
vendor     : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os         : Linux
os-version : 2.4.20-18SGI_XFS_1.2.0
environment: Built w/Cyrus SASL 2.1.14
             Running w/Cyrus SASL 2.1.15
             Sleepycat Software: Berkeley DB 3.2.9: (January 24, 2001)
             Built w/OpenSSL 0.9.6b [engine] 9 Jul 2001
             Running w/OpenSSL 0.9.6b [engine] 9 Jul 2001
             CMU Sieve 2.2
             TCP Wrappers
             mmap = shared
             lock = fcntl
             nonblock = fcntl
             auth = unix
             idle = poll
             mailboxes.db = skiplist
             annotations.db = skiplist
             seen.db = skiplist
             subs.db = flat
             deliver.db = berkeley-nosync
             tls_sessions.db = berkeley-nosync
localhost.localdomain> quit
====================================================================

> Just for your information.
>
> I had the same problems with cyrus-imapd-2.2.1 and cyrus-sasl-2.1.14.
> Specifically I ran cyrus in debug mode and I found that in imapd.c, line
> 1609,
> where sasl_getpass() is executed, it returned normally without errors,
> returning
> SASL_OK.
>
> After that, when line 1634 was executed, the sasl_getprop(imapd_saslconn,
> SASL_USERNAME, (const void **) &canon_user) returned the error
> SASL_NOTDONE
> ("can't request info until later in exchange").
>
> The problem was magically solved when I upgraded to cyrus-sasl-2.1.15.
>
> Regards,
>     Christos
>
>
> Quoting Simon Matter <simon.matter at ch.sauter-bc.com>:
>
>> >>
>> >>
>> >>
>> >> This error is coming from SASL.  Could you please post the relevent
>> >> contents of imapd.log and auth.log?
>> >
>> > Ken,
>> >
>> > I have now straced the pid's on 2.1.14 and 2.2.1-BETA. I have also
>> tested
>> > the 2.2.1-BETA with pwcheck using /etc/sasldb2 and it works well.
>> Looks
>> to
>> > me like there is something broken when using saslauthd. FYI, the
>> > 2.2.1-BETA test is against cyrus-sasl 2.1.10.
>>
>> Hmm, I just tested against cyrus-sasl 2.1.15 and it works. Reinstalled
>> 2.1.10 and it didn't work again.
>>
>> Is 2.2.1-BETA supposed not to work with cyrus-sasl 2.1.10?
>>
>> >
>> > Simon
>
> --
> /**
>  * Christos Soulios
>  * Department of Informatics
>  * University of Athens
>  * e-mail : soulbros at noc.uoa.gr
>  */
>
>
>

More information about the Info-cyrus mailing list