Authentication failed. generic failure

Mike Allen mallen at familyradio.org
Wed Sep 10 18:37:45 EDT 2003


I assured that libraries were all in-sync by running 'portupgrade' under
FreeBSD. (Thanks Oliver for the idea.)

I cannot yet create a mailbox.  Here is what I get when I try:

  [mail2] ~> whoami
  cyrus
  [mail2] ~> cyradm -u cyrus localhost
  Password:
  localhost.familyradio.org> lm
  localhost.familyradio.org> cm user.mja
  createmailbox: Permission denied
  localhost.familyradio.org>


Checking Unix permissions ...

  [mail2] ~> cd /var/spool
  [mail2] /var/spool> ls -ld imap
  drwxrwx---  4 cyrus  cyrus  512 Sep 10 12:43 imap/
  [mail2] /var/spool> cd imap
  [mail2] /var/spool/imap> ls -ld *
  drwxrwxrwx  2 cyrus  cyrus  512 Sep 10 10:00 stage./
  drwxrwxrwx  2 cyrus  cyrus  512 Sep 10 12:43 user/

It appears that I do have a 'cyrus' password:

  [mail2] /usr/ports/mail/cyrus-imapd2# sasldblistusers2
  cyrus at mail2.familyradio.org: userPassword

Permissions on 'sasldb2' seem to be correct:

  -rw-r-----  1 cyrus  mail  49152 Sep  2 11:08 sasldb2
  -rw-r-----  1 cyrus  mail  16384 Sep 10 10:37 sasldb2.db

'saslauthd' does not seem to be running at this time.  'imtest' was
run successfully with 'auxprop' for the SASL method.
I am researching more on the problem of not being able to
create a mailbox.  Thanks Ken for those ideas.

Attached please find the latest configuration file in case that is
any help.

Thanks for any additional help you can give.

Mike Allen
-------------- next part --------------
#
# $FreeBSD: ports/mail/cyrus-imapd2/files/imapd.conf,v 1.8 2002/08/08 14:06:48 ume Exp $
#
# Sample configuration file for Cyrus IMAPd
# Most lines in this file are commented; in this case the default is used. 
# The commented lines (usually) contain the default value

# The pathname of the IMAP configuration directory
#
#configdirectory: /usr/local/etc
configdirectory: /var/imap

# The partition name used by default for new mailboxes
#
defaultpartition: default

# The directory for the different partitions
#
partition-default: /var/spool/imap

# Use the UNIX separator character '/' for delimiting levels of
# mailbox hierarchy.  The default is to use the netnews separator
# character '.'.
#unixhierarchysep: no

# Use the alternate IMAP namespace, where personal folders reside at
# the same level in the hierarchy as INBOX.
#
#altnamespace: no

# If using the alternate IMAP namespace, the prefix for the other
# users namespace.  The hierarchy delimiter will be automatically
# appended.
#
#userprefix: Other Users

# If using the alternate IMAP namespace, the prefix for the shared
# namespace.  The hierarchy delimiter will be automatically appended.
#
#sharedprefix: Shared Folders

# The umask value used by various Cyrus IMAP programs
#
#umask: 077

# This is the hostname visible in the greeting messages of the POP,
# IMAP and LMTP daemons. If it is unset, then the result returned from
# gethostname(2) is used.
#
#servername: <result returned by gethostname(2)>

# Whether to allow anonymous logins
#
#allowanonymouslogin: no

# Allow the use of the SASL PLAIN mechanism.
#
allowplaintext: yes

# The percent  of  quota  utilization  over  which  the server generates
# warnings.
#
quotawarn: 90

# The length of the IMAP server's inactivity autologout timer, in minutes.
# The  minimum  value  is  30,  the default.
#
#timeout: 30

# The interval (in seconds) for polling the mailbox for changes while
# running the IDLE command.  This option is used when idled can not be
# contacted or when polling is used exclusively.  The minimum value is
# 1.  A value of 0 will disable polling (and disable IDLE if polling
# is the only method available).
#
imapidlepoll: 60

# If enabled, the server responds to an ID command with a parameter
# list containing: version, vendor, support-url, os, os-version,
# command, arguments, environment.  Otherwise the server returns NIL.
#
imapidresponse: yes

# Set the length of the POP server's inactivity autologout timer, in
# minutes.  The minimum value is 10, the default.
#
#poptimeout: 10

# Set the minimum amount of time the server forces users to wait between 
# successive POP logins, in  minutes.  The default is 0.
#
#popminpoll: 0

# The number of days advertised as being the minimum a message may be
# left on the POP server before it is deleted (via the CAPA command,
# defined in the POP3 Extension Mechanism, which some clients may
# support).  "NEVER", the default, may be specified with a negative
# number.  The Cyrus POP3 server never deletes mail, no matter what
# the value of this parameter is.  However, if a site implements a
# less liberal policy, it needs to change this parameter accordingly.
#
#popexpiretime: 0

# The list of userids with administrative rights.  Separate each userid
# with a space.  We recommend that administrator userids be separate from 
# standard userids.  Sites using Kerberos authentication may use separate
# "admin" instances.
#
admins: cyrus, mallen

# A list of users and groups that are allowed to proxy for other
# users, separated by spaces.  Any user listed in this will be allowed
# to login for any other user: use with caution.
#
#proxyservers: <none>

# The Access Control List (ACL) placed on a newly-created (non-user)
# mailbox that does not have a parent mailbox.
#
defaultacl: anyone lrs

# The pathname of the news spool directory.  Only used if the partition-news
# configuration option is set.
#
#newsspool: <no default>

# Prefix to be prepended to newsgroup names to make the corresponding IMAP
# mailbox names.
#
#newsprefix: <none>

# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX.  The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
#
autocreatequota: 50000

# Include notations in the protocol telemetry logs indicating the number
# of seconds since the last command or response.
#
#logtimestamps: no

# Number of seconds to pause after a successful plaintext login.  For systems
# that support strong authentication, this permits users to perceive a cost
# of using plaintext passwords.
#
#plaintextloginpause: 0

# The pathname of srvtab file containing the server's private key.
# This option is passed to the SASL library and overrides its default
# setting.
#
srvtab: /etc/ssl/global.key

# The list of remote realms whose users may log in using  cross-realm
# authentications.   Separate each realm name by a space.  This option is
# only used when the server is compiled with Kerberos authentication.
#
#loginrealms: <none>

# If enabled, any authentication identity which has a rights on a user's
# INBOX may log in as that user.  This option is only used when the server
# is compiled with Kerberos authentication.
#
#loginuseacl: no

# If enabled, lmtpd attempts to only write one copy of a message per
# partition and create hard links, resulting in a potentially large
# disk savings.
#
#singleinstancestore: yes

# If enabled, lmtpd will suppress delivery of a message to a mailbox
# if a message with the same message-id (or resent-message-id) is
# recorded as having already been delivered to the mailbox.  Records
# the mailbox and message-id/resent-message-id of all successful
# deliveries.
# Note that duplicate delivery suppression is required for Sieve.
# Disabling duplicate delivery suppression will also disable Sieve,
# and as such should only be disabled for performance reasons.
#
duplicatesuppression: yes

# If enabled, lmtpd rejects messages with 8-bit characters in the
# headers.  Otherwise, 8-bit characters are changed to `X'.  (A proper
# solution to non-ASCII characters in headers is offered by RFC 2047
# and its predecessors.)
#
#reject8bit: no

# Maximum incoming LMTP message size.  If set, lmtpd will reject
# messages larger than maxmessagesize bytes.  The default is to allow
# messages of any size.
#
#maxmessagesize: <unlimited>

# Userid used to deliver messages to shared folders.  For example, if
# set to "bb", email sent to "bb+shared.blah" would be delivered to
# the "shared.blah" folder.  By default, an email address of
# "+shared.blah" would be used.
#postuser: <none>

# If enabled at compile time, this specifies a URL to reply when
# Netscape asks the server where the mail administration HTTP server
# is.  The default is a site at CMU with a hopefully informative
# message; administrators should set this to a local resource with
# some information of greater use.
#
#netscapeurl: http://andrew2.andrew.cmu.edu/cyrus/imapd/netscapeadmin.html

# Notifyd(8) method to use for "MAIL" notifications.  If not set,
# "MAIL" notifications are disabled.
#
#mailnotifier: <no default>

# Notifyd(8) method to use for "SIEVE" notifications.  If not set,
# "SIEVE" notifications are disabled.
#
# This method is only used when no method is specified in the script.
#
#sievenotifier: <no default>

# If enabled, lmtpd will look for Sieve scripts in user's home
# directories: ~user/.sieve.
#
sieveusehomedir: false

# If sieveusehomedir is false, this directory is searched for Sieve scripts.
# The active Sieve script is called "default", placed in the user's
# sieve directory (ie. /var/imap/sieve/u/user).
#
sievedir: /var/imap/sieve

# The pathname of the sendmail executable.  Sieve uses sendmail for
# sending rejections, redirects and vacation responses.
#
#sendmail: /usr/sbin/sendmail

# Username that is used as the 'From' address in rejection MDNs
# produced by sieve.
#
#postmaster: postmaster

# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories.  This is recommended if one partition has
# a very bushy mailbox tree.
#
#hashimapspool: false

# Maximum size (in kilobytes) any sieve script can be, enforced at
# submission by timsieved(8).
#
#sieve_maxscriptsize: 32

# Maximum number of sieve scripts any user may have, enforced at
# submission by timsieved(8).
#
#sieve_maxscripts: 5

# Maximum SSF (security strength factor) that the server will allow a
# client to negotiate.
#
#sasl_maximum_layer: 256

# The minimum SSF that the server will allow a client to negotiate.  A
# value of 1 requires integrity protection; any higher value requires
# some amount of encryption.
#
#sasl_minimum_layer: 0

# The mechanism used by the server to verify plaintext passwords.  Possible
# values include "auxprop", "saslauthd", and "pwcheck"
#
sasl_pwcheck_method: auxprop
#sasl_pwcheck_method: saslauthd

# To override the sasl.conf file do the following:
sasl_sasldb_path: /usr/local/etc/sasldb2

# If enabled,  the SASL library will automatically create authentication
# secrets when given a plaintext password.  See the SASL documentation.
#
#sasl_auto_transition: no

# Location of the opiekeys file
#
#sasl_opiekeys: /etc/opiekeys

# File containing the global certificate used for ALL services (imap,
# pop3, lmtp).
#
tls_cert_file: /etc/ssl/global.crt

# File containing the private key belonging to the global server
# certificate.
#
tls_key_file: /etc/ssl/global.key

# File containing the certificate used for imap ONLY.  If not
# specified, the global certificate is used.  A value of "disabled"
# will disable SSL/TLS for imap.
#
#tls_imap_cert_file: <none>

# File containing the private key belonging to the imap-specific
# server certificate.  If not specified, the global private key is
# used.  A value of "disabled" will disable SSL/TLS for imap.
#
#tls_imap_key_file: <none>

# File containing the certificate used for pop3 ONLY.  If not
# specified, the global certificate is used.  A value of "disabled"
# will disable SSL/TLS for pop3.
#
#tls_pop3_cert_file: <none>

# File containing the private key belonging to the pop3-specific
# server certificate.  If not specified, the global private key is
# used.  A value of "disabled" will disable SSL/TLS for pop3.
#
#tls_pop3_key_file: <none>

# File containing the certificate used for lmtp ONLY.  If not
# specified, the global certificate is used.  A value of "disabled"
# will disable TLS for lmtp.
#
#tls_lmtp_cert_file: <none>

# File containing the private key belonging to the lmtp-specific
# server certificate.  If not specified, the global private key is
# used.  A value of "disabled" will disable TLS for lmtp.
#
#tls_lmtp_key_file: <none>

# File containing the certificate used for sieve ONLY.  If not
# specified, the global certificate is used.  A value of "disabled"
# will disable TLS for sieve.
#
#tls_sieve_cert_file: <none>

# File containing the private key belonging to the sieve-specific
# server certificate.  If not specified, the global private key is
# used.  A value of "disabled" will disable TLS for sieve.
#
#tls_sieve_key_file: <none>

# File containing one or more Certificate Authority (CA) certificates.
#
#tls_ca_file: <none>

# Path to directory with certificates of CAs.
#
#tls_ca_path: <none>

# The length of time (in minutes) that a TLS session will be cached
# for later reuse.  The maximum value is 1440 (24 hours), the default.
# A value of 0 will disable session caching.
#
tls_session_timeout: 120

# The right that a user needs to delete a mailbox.
#
#deleteright: c

# Unix domain socket that lmtpd listens on, used by deliver(8).
#
lmtpsocket: /var/imap/socket/lmtp

# Unix domain socket that idled listens on.
#
idlesocket: /var/imap/socket/idle

# Unix domain socket that the new mail notification daemon listens on.
#
#notifysocket: /var/imap/socket/notify

#
# EOF
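
An added example, not part of the message above or of the Cyrus distribution: a small Python audit that parses the active lines of an imapd.conf like the attached one and flags values that disagree with the file's own comments, plus world-writable entries in `ls -ld` output. The function names and the sample strings are constructed here for illustration.

```python
import re

# Constructed input: active lines as they appear in the attachment above,
# plus the `ls -ld` lines from the message body.
SAMPLE_CONF = """\
# comments and blank lines are skipped
admins: cyrus, mallen
allowplaintext: yes
#sasl_minimum_layer: 0
srvtab: /etc/ssl/global.key
tls_key_file: /etc/ssl/global.key
"""
SAMPLE_LS = """\
drwxrwx---  4 cyrus  cyrus  512 Sep 10 12:43 imap/
drwxrwxrwx  2 cyrus  cyrus  512 Sep 10 10:00 stage./
drwxrwxrwx  2 cyrus  cyrus  512 Sep 10 12:43 user/
"""

def parse_imapd_conf(text):
    """Return {option: value} for the active 'option: value' lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            opts[key.strip()] = value.strip()
    return opts

def audit_conf(opts):
    """Return a list of (option, message) findings."""
    findings = []
    # The file's comment says userids are separated by a space, so a token
    # carrying punctuation such as a trailing comma is a different name.
    for token in opts.get("admins", "").split():
        if not re.fullmatch(r"[A-Za-z0-9._@-]+", token):
            findings.append(("admins", f"token {token!r} is not a bare userid"))
    # PLAIN is allowed while no minimum security layer is required.
    if opts.get("allowplaintext") == "yes" and int(opts.get("sasl_minimum_layer", "0")) == 0:
        findings.append(("allowplaintext", "PLAIN permitted with sasl_minimum_layer 0"))
    # srvtab is documented as a srvtab file; here it names the TLS key.
    if opts.get("srvtab") and opts.get("srvtab") == opts.get("tls_key_file"):
        findings.append(("srvtab", "same path as tls_key_file"))
    return findings

def world_writable(ls_output):
    """Return names from `ls -ld` lines whose mode grants write to 'other'."""
    return [l.split()[-1] for l in ls_output.splitlines() if len(l) > 9 and l[8] == "w"]

if __name__ == "__main__":
    for finding in audit_conf(parse_imapd_conf(SAMPLE_CONF)):
        print(finding)
    print(world_writable(SAMPLE_LS))
```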

