Authentication failed. generic failure
Mike Allen
mallen at familyradio.org
Wed Sep 10 18:37:45 EDT 2003
I assured that libraries were all in-sync by running 'portupgrade' under
FreeBSD. (Thanks Oliver for the idea.)
I cannot yet create a mailbox. Here is what I get when I try:
[mail2] ~> whoami
cyrus
[mail2] ~> cyradm -u cyrus localhost
Password:
localhost.familyradio.org> lm
localhost.familyradio.org> cm user.mja
createmailbox: Permission denied
localhost.familyradio.org>
Checking Unix permissions ...
[mail2] ~> cd /var/spool
[mail2] /var/spool> ls -ld imap
drwxrwx--- 4 cyrus cyrus 512 Sep 10 12:43 imap/
[mail2] /var/spool> cd imap
[mail2] /var/spool/imap> ls -ld *
drwxrwxrwx 2 cyrus cyrus 512 Sep 10 10:00 stage./
drwxrwxrwx 2 cyrus cyrus 512 Sep 10 12:43 user/
It appears that I do have a 'cyrus' password:
[mail2] /usr/ports/mail/cyrus-imapd2# sasldblistusers2
cyrus at mail2.familyradio.org: userPassword
Permissions on 'sasldb2' seem to be correct:
-rw-r----- 1 cyrus mail 49152 Sep 2 11:08 sasldb2
-rw-r----- 1 cyrus mail 16384 Sep 10 10:37 sasldb2.db
'saslauthd' does not seem to be running at this time. 'imtest' was
run successfully with 'auxprop' for the SASL method.
I am researching more on the problem of not being able to
create a mailbox. Thanks Ken for those ideas.
Attached please find the latest configuration file in case that is
any help.
Thanks for any additional help you can give.
Mike Allen
-------------- next part --------------
#
# $FreeBSD: ports/mail/cyrus-imapd2/files/imapd.conf,v 1.8 2002/08/08 14:06:48 ume Exp $
#
# Sample configurations file for Cyrus IMAPd
# Most lines in this file are commented; in this case the default is used.
# The commented lines (usually) contain the default value
# The pathname of the IMAP configuration directory
#
#configdirectory: /usr/local/etc
configdirectory: /var/imap
# The partition name used by default for new mailboxes
#
defaultpartition: default
# The directory for the different partitions
#
partition-default: /var/spool/imap
# Use the UNIX separator character '/' for delimiting levels of
# mailbox hierarchy. The default is to use the netnews separator
# character '.'.
#unixhierarchysep: no
# Use the alternate IMAP namespace, where personal folders reside at
# the same level in the hierarchy as INBOX.
#
#altnamespace: no
# If using the alternate IMAP namespace, the prefix for the other
# users namespace. The hierarchy delimiter will be automatically
# appended.
#
#userprefix: Other Users
# If using the alternate IMAP namespace, the prefix for the shared
# namespace. The hierarchy delimiter will be automatically appended.
#
#sharedprefix: Shared Folders
# The umask value used by various Cyrus IMAP programs
#
#umask: 077
# This is the hostname visible in the greeting messages of the POP,
# IMAP and LMTP daemons. If it is unset, then the result returned from
# gethostname(2) is used.
#
#servername: <result returned by gethostname(2)>
# Whether to allow anonymous logins
#
#allowanonymouslogin: no
# Allow the use of the SASL PLAIN mechanism.
#
allowplaintext: yes
# The percent of quota utilization over which the server generates
# warnings.
#
quotawarn: 90
# The length of the IMAP server's inactivity autologout timer, in minutes.
# The minimum value is 30, the default.
#
#timeout: 30
# The interval (in seconds) for polling the mailbox for changes while
# running the IDLE command. This option is used when idled can not be
# contacted or when polling is used exclusively. The minimum value is
# 1. A value of 0 will disable polling (and disable IDLE if polling
# is the only method available).
#
imapidlepoll: 60
# If enabled, the server responds to an ID command with a parameter
# list containing: version, vendor, support-url, os, os-version,
# command, arguments, environment. Otherwise the server returns NIL.
#
imapidresponse: yes
# Set the length of the POP server's inactivity autologout timer, in
# minutes. The minimum value is 10, the default.
#
#poptimeout: 10
# Set the minimum amount of time the server forces users to wait between
# successive POP logins, in minutes. The default is 0.
#
#popminpoll: 0
# The number of days advertised as being the minimum a message may be
# left on the POP server before it is deleted (via the CAPA command,
# defined in the POP3 Extension Mechanism, which some clients may
# support). "NEVER", the default, may be specified with a negative
# number. The Cyrus POP3 server never deletes mail, no matter what
# the value of this parameter is. However, if a site implements a
# less liberal policy, it needs to change this parameter accordingly.
#
#popexpiretime: 0
# The list of userids with administrative rights. Separate each userid
# with a space. We recommend that administrator userids be separate from
# standard userids. Sites using Kerberos authentication may use separate
# "admin" instances.
#
admins: cyrus, mallen
# A list of users and groups that are allowed to proxy for other
# users, separated by spaces. Any user listed in this will be allowed
# to login for any other user: use with caution.
#
#proxyservers: <none>
# The Access Control List (ACL) placed on a newly-created (non-user)
# mailbox that does not have a parent mailbox.
#
defaultacl: anyone lrs
# The pathname of the news spool directory. Only used if the partition-news
# configuration option is set.
#
#newsspool: <no default>
# Prefix to be prepended to newsgroup names to make the corresponding IMAP
# mailbox names.
#
#newsprefix: <none>
# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX. The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
#
autocreatequota: 50000
# Include notations in the protocol telemetry logs indicating the number
# of seconds since the last command or response.
#
#logtimestamps: no
# Number of seconds to pause after a successful plaintext login. For systems
# that support strong authentication, this permits users to perceive a cost
# of using plaintext passwords.
#
#plaintextloginpause: 0
# The pathname of srvtab file containing the server's private key.
# This option is passed to the SASL library and overrides its default
# setting.
#
srvtab: /etc/ssl/global.key
# The list of remote realms whose users may log in using cross-realm
# authentications. Separate each realm name by a space. This option is
# only used when the server is compiled with Kerberos authentication.
#
#loginrealms: <none>
# If enabled, any authentication identity which has a rights on a user's
# INBOX may log in as that user. This option is only used when the server
# is compiled with Kerberos authentication.
#
#loginuseacl: no
# If enabled, lmtpd attempts to only write one copy of a message per
# partition and create hard links, resulting in a potentially large
# disk savings.
#
#singleinstancestore: yes
# If enabled, lmtpd will suppress delivery of a message to a mailbox
# if a message with the same message-id (or resent-message-id) is
# recorded as having already been delivered to the mailbox. Records
# the mailbox and message-id/resent-message-id of all successful
# deliveries.
# Note that duplicate delivery suppression is required for Sieve.
# Disabling duplicate delivery suppression will also disable Sieve,
# and as such should only be disabled for performance reasons.
#
duplicatesuppression: yes
# If enabled, lmtpd rejects messages with 8-bit characters in the
# headers. Otherwise, 8-bit characters are changed to `X'. (A proper
# solution to non-ASCII characters in headers is offered by RFC 2047
# and its predecessors.)
#
#reject8bit: no
# Maximum incoming LMTP message size. If set, lmtpd will reject
# messages larger than maxmessagesize bytes. The default is to allow
# messages of any size.
#
#maxmessagesize: <unlimited>
# Userid used to deliver messages to shared folders. For example, if
# set to "bb", email sent to "bb+shared.blah" would be delivered to
# the "shared.blah" folder. By default, an email address of
# "+shared.blah" would be used.
#postuser: <none>
# If enabled at compile time, this specifies a URL to reply when
# Netscape asks the server where the mail administration HTTP server
# is. The default is a site at CMU with a hopefully informative
# message; administrators should set this to a local resource with
# some information of greater use.
#
#netscapeurl: http://andrew2.andrew.cmu.edu/cyrus/imapd/netscapeadmin.html
# Notifyd(8) method to use for "MAIL" notifications. If not set,
# "MAIL" notifications are disabled.
#
#mailnotifier: <no default>
# Notifyd(8) method to use for "SIEVE" notifications. If not set,
# "SIEVE" notifications are disabled.
#
# This method is only used when no method is specified in the script.
#
#sievenotifier: <no default>
# If enabled, lmtpd will look for Sieve scripts in user's home
# directories: ~user/.sieve.
#
sieveusehomedir: false
# If sieveusehomedir is false, this directory is searched for Sieve scripts.
# The active Sieve script is called "default", placed in the user's
# sieve directory (i.e. /var/imap/sieve/u/user).
#
sievedir: /var/imap/sieve
# The pathname of the sendmail executable. Sieve uses sendmail for
# sending rejections, redirects and vacation responses.
#
#sendmail: /usr/sbin/sendmail
# Username that is used as the 'From' address in rejection MDNs
# produced by sieve.
#
#postmaster: postmaster
# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one partition has
# a very bushy mailbox tree.
#
#hashimapspool: false
# Maximum size (in kilobytes) any sieve script can be, enforced at
# submission by timsieved(8).
#
#sieve_maxscriptsize: 32
# Maximum number of sieve scripts any user may have, enforced at
# submission by timsieved(8).
#
#sieve_maxscripts: 5
# Maximum SSF (security strength factor) that the server will allow a
# client to negotiate.
#
#sasl_maximum_layer: 256
# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires
# some amount of encryption.
#
#sasl_minimum_layer: 0
# The mechanism used by the server to verify plaintext passwords. Possible
# values include "auxprop", "saslauthd", and "pwcheck"
#
sasl_pwcheck_method: auxprop
#sasl_pwcheck_method: saslauthd
# To override the sasl.conf file do the following:
sasl_sasldb_path: /usr/local/etc/sasldb2
# If enabled, the SASL library will automatically create authentication
# secrets when given a plaintext password. See the SASL documentation.
#
#sasl_auto_transition: no
# Location of the opiekeys file
#
#sasl_opiekeys: /etc/opiekeys
# File containing the global certificate used for ALL services (imap,
# pop3, lmtp).
#
tls_cert_file: /etc/ssl/global.crt
# File containing the private key belonging to the global server
# certificate.
#
tls_key_file: /etc/ssl/global.key
# File containing the certificate used for imap ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable SSL/TLS for imap.
#
#tls_imap_cert_file: <none>
# File containing the private key belonging to the imap-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable SSL/TLS for imap.
#
#tls_imap_key_file: <none>
# File containing the certificate used for pop3 ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable SSL/TLS for pop3.
#
#tls_pop3_cert_file: <none>
# File containing the private key belonging to the pop3-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable SSL/TLS for pop3.
#
#tls_pop3_key_file: <none>
# File containing the certificate used for lmtp ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable TLS for lmtp.
#
#tls_lmtp_cert_file: <none>
# File containing the private key belonging to the lmtp-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable TLS for lmtp.
#
#tls_lmtp_key_file: <none>
# File containing the certificate used for sieve ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable TLS for sieve.
#
#tls_sieve_cert_file: <none>
# File containing the private key belonging to the sieve-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable TLS for sieve.
#
#tls_sieve_key_file: <none>
# File containing one or more Certificate Authority (CA) certificates.
#
#tls_ca_file: <none>
# Path to directory with certificates of CAs.
#
#tls_ca_path: <none>
# The length of time (in minutes) that a TLS session will be cached
# for later reuse. The maximum value is 1440 (24 hours), the default.
# A value of 0 will disable session caching.
#
tls_session_timeout: 120
# The right that a user needs to delete a mailbox.
#
#deleteright: c
# Unix domain socket that lmtpd listens on, used by deliver(8).
#
lmtpsocket: /var/imap/socket/lmtp
# Unix domain socket that idled listens on.
#
idlesocket: /var/imap/socket/idle
# Unix domain socket that the new mail notification daemon listens on.
#
#notifysocket: /var/imap/socket/notify
#
# EOF
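
An added example, not part of the original post or of the Cyrus project's code: a small check of the rule stated in the attached file's own comments, that `admins`, `proxyservers` and `loginrealms` take values separated by spaces. It assumes the server splits these values on whitespace only and compares userids as exact strings; `SAMPLE_CONF`, the function names and the comma/semicolon test are constructed for illustration.

```python
# Options the sample imapd.conf's comments describe as space-separated lists.
SPACE_SEPARATED = ("admins", "proxyservers", "loginrealms")

# Constructed sample: a few lines copied from the attached file.
SAMPLE_CONF = """\
# The list of userids with administrative rights.
admins: cyrus, mallen
#proxyservers: <none>
defaultacl: anyone lrs
sasl_pwcheck_method: auxprop
"""

def parse_imapd_conf(text):
    """Return {option: value} for active (uncommented) 'option: value' lines."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not 'option: value'
            options[name.strip().lower()] = value.strip()
    return options

def effective_tokens(options, name):
    """Split a list option on whitespace only (assumed server behaviour)."""
    return options.get(name, "").split()

def is_admin(options, userid):
    """Assumption: a userid is an admin only if it equals a token exactly."""
    return userid in effective_tokens(options, "admins")

def lint_space_separated(options):
    """Flag tokens that carry a comma or semicolon in space-separated options."""
    findings = []
    for name in SPACE_SEPARATED:
        for token in effective_tokens(options, name):
            if any(ch in token for ch in ",;"):
                findings.append((name, token, token.strip(",;")))
    return findings

if __name__ == "__main__":
    opts = parse_imapd_conf(SAMPLE_CONF)
    print("admins tokens:", effective_tokens(opts, "admins"))
    for name, token, cleaned in lint_space_separated(opts):
        print(f"{name}: token {token!r} is not the same string as {cleaned!r}")
    for user in ("cyrus", "mallen"):
        print(f"{user} matches an admins token: {is_admin(opts, user)}")
```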