Mozilla Mail and authentication
grenoml
grenoml at yahoo.com
Fri May 9 17:12:14 EDT 2003
Still not getting anywhere after working for quite a while on this.
Red Hat Linux release 9 (Shrike)
cyrus-imapd-2.2.0-1
postfix-2.0.8-1.pcre.mysql.sasl2.tls.rh9
cyrus-sasl-2.1.10-4
Things I can do:
1. create accounts via webcyradm (password is encrypted).
2. use cyradm to access the 'cyrus' admin account.
3. use imtest to access the user account via -a cyrus if I use -t ''
e.g.: imtest -a cyrus -u test.mydomain.com -m plain -t '' localhost
Things I cannot do:
1. use cyradm to access user account
e.g.: cyradm --user test.mydomain.com --server localhost
IMAP Password:
Login failed: authentication failure at
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
line 114
cyradm: cannot authenticate to server with as test.mydomain.com
log entry:
May 9 16:51:53 tltamx01-lin01 perl: No worthy mechs found
May 9 16:51:59 tltamx01-lin01 imap(pam_unix)[18837]: check pass; user
unknown
May 9 16:51:59 tltamx01-lin01 imap(pam_unix)[18837]: authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost=
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_sm_authenticate
called.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: dbuser changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: dbpasswd changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: host changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: database changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: table changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: usercolumn changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: passwdcolumn changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: crypt changed.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: db_connect called.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: returning 0 .
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: db_checkpasswd called.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: where
clause =
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: SELECT password FROM
accountuser WHERE username='test.mydomain.com'
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: sqlLog called.
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: error:
sqllog set but logtable not set
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: error:
sqllog set but logmsgcolumn not set
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: error:
sqllog set but logusercolumn not set
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: error:
sqllog set but loghostcolumn not set
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: pam_mysql: error:
sqllog set but logtimecolumn not set
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: returning 0 .
May 9 16:51:59 tltamx01-lin01 saslauthd[18837]: returning 0.
May 9 16:52:01 tltamx01-lin01 saslauthd[18837]: AUTHFAIL:
user=test.mydomain.com service=imap realm= [PAM auth error]
May 9 16:52:01 tltamx01-lin01 imap[19214]: badlogin:
localhost.localdomain [127.0.0.1] plaintext test.mydomain.com
SASL(-13): authentication failure: checkpass failed
2. use imtest to access user account
e.g.: imtest -u test.mydomain.com -m plain -t '' localhost
S: * OK tltamx01-lin01.mydomain.com Cyrus IMAP4
v2.2.0-ALPHA-Invoca-RPM-2.2.0-1 server ready^M
C: C01 CAPABILITY^M
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE^M
S: C01 OK Completed^M
C: S01 STARTTLS^M
S: S01 OK Begin TLS negotiation now^M
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY^M
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=PLAIN
LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE^M
S: C01 OK Completed^M
C: A01 AUTHENTICATE PLAIN^M
S: + ^M
Please enter your password:
C: dGVzdC50ZWxpYW50Lm5ldAByb290AHRsdHRlc3Qx
S: A01 NO authentication failure^M
Authentication failed. generic failure
Security strength factor: 256
C: Q01 LOGOUT^M
* BYE LOGOUT received^M
Q01 OK Completed^M
Connection closed.
log entry:
May 9 16:54:59 tltamx01-lin01 imap[19438]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 9 16:55:04 tltamx01-lin01 imap(pam_unix)[18833]: authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: pam_sm_authenticate
called.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: dbuser changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: dbpasswd changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: host changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: database changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: table changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: usercolumn changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: passwdcolumn changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: crypt changed.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: db_connect called.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: returning 0 .
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: db_checkpasswd called.
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: pam_mysql: where
clause =
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: SELECT password FROM
accountuser WHERE username='root'
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: pam_mysql: select
returned more than one result
May 9 16:55:04 tltamx01-lin01 saslauthd[18833]: returning 7 after
db_checkpasswd.
May 9 16:55:07 tltamx01-lin01 saslauthd[18833]: AUTHFAIL: user=root
service=imap realm= [PAM auth error]
May 9 16:55:07 tltamx01-lin01 imap[19438]: Password verification
failed
May 9 16:55:07 tltamx01-lin01 imap[19438]: badlogin:
localhost.localdomain [127.0.0.1] PLAIN [SASL(-13): authentication
failure: Password verification failed]
Why is this showing user=root when I passed a -u argument? ?????
It shows something similar (user=cyrus) if I su - cyrus and then run the command.
Here are auth entries in all configs:
# /etc/imapd.conf
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowanonymouslogin: no
allowplaintext: yes
----------
# /etc/pam.d/imap
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
auth sufficient pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=1
account required pam_mysql.so user=mail passwd=secret
host=localhost db=mail table=accountuser usercolumn=username
passwdcolumn=password crypt=1
----------
# /etc/sysconfig/saslauthd
MECH=pam
----------
# /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
----------
# /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
proxy:unix:passwd.byname
----------
# /var/www/html/web-cyradm/config.inc.php
$CRYPT="crypt";
----------
Any insight would be appreciated.
thx,
Gerry Reno
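
An added example, not part of the original post or of Cyrus itself: it decodes the SASL PLAIN response sent after AUTHENTICATE PLAIN (RFC 4616: authzid NUL authcid NUL passwd) to show how saslauthd can log a different user from the one passed with -u. imtest's -u sets the authorization identity, while the password is verified for the authentication identity (-a, which defaults to the current Unix user). The sample messages and all function names are constructed for illustration.

```python
import base64
from typing import NamedTuple

class PlainResponse(NamedTuple):
    authzid: str   # authorization identity: who to act as (imtest -u)
    authcid: str   # authentication identity: whose password is checked (imtest -a)
    password: str

def build_plain(authzid: str, authcid: str, password: str) -> str:
    """Encode an RFC 4616 PLAIN message: authzid NUL authcid NUL passwd."""
    if not authcid or not password:
        raise ValueError("authcid and password are mandatory")
    if any("\x00" in f for f in (authzid, authcid, password)):
        raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(b64: str) -> PlainResponse:
    """Decode the client's line that follows the server's '+' continuation."""
    try:
        parts = base64.b64decode(b64.strip(), validate=True).split(b"\x00")
        fields = [p.decode("utf-8") for p in parts]
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("not a base64-encoded UTF-8 PLAIN message") from exc
    if len(fields) != 3 or not fields[1] or not fields[2]:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return PlainResponse(*fields)

def describe(b64: str) -> dict:
    """Summarise which name the verifier sees and which identity is requested."""
    r = parse_plain(b64)
    return {
        "password_checked_for": r.authcid,
        "acts_as": r.authzid or r.authcid,   # empty authzid means "same as authcid"
        "is_proxy_login": bool(r.authzid) and r.authzid != r.authcid,
    }

# Constructed samples (not taken from the post): names and passwords are made up.
ONLY_U_AS_ROOT = build_plain("test.example.com", "root", "constructed-pw")
BOTH_NAMES_SET = build_plain("test.example.com", "test.example.com", "constructed-pw")

if __name__ == "__main__":
    for label, msg in (("-u only, run as root", ONLY_U_AS_ROOT),
                       ("-a and -u both set", BOTH_NAMES_SET)):
        print(label, describe(msg))
```

Base64 is an encoding, not encryption: anyone holding the C: line from a session transcript can recover the password with the same decode, so that line should be redacted before a transcript is shared.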