Authenticate via saslauthd: "generic failure: checkpass failed"

Jacob Friis Larsen jfl at list.idg.dk
Thu Aug 12 06:36:04 EDT 2004


I am trying to make cyrus authenticate via saslauthd.

The problem is that when using "sasl_pwcheck_method: saslauthd" I get 
"generic failure: checkpass failed".
If I use "sasl_pwcheck_method: auxprop" it's working.

Since I only see SQL queries in /var/log/mysql/mysql.log when using 
auxprop I guess that the problem is between cyrus, saslauthd and or pam.

The system is running Debian stable/testing. Cyrus is cyrus21-imapd 
(2.1.16-6)

I have read all guides and searched Goggle.
Below are info you might need. Please help.

Aug 12 11:53:37 debpro cyrus/imapd[32568]: badlogin: debpro[127.0.0.1] 
plaintext cyrus SASL(-1): generic failure: checkpass failed

# imtest -a cyrus -m login -p imap localhost
S: * OK debpro Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {5}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0

# /etc/init.d/saslauthd restart
Restarting SASL Authentication Daemon: saslauthd[31589] :main 
  : num_procs  : 0
saslauthd[31589] :main            : mech_option: NULL
saslauthd[31589] :main            : run_path   : /var/run/saslauthd
saslauthd[31589] :main            : auth_mech  : pam
saslauthd[31589] :cache_alloc_mm  : mmaped shared memory segment on 
file: /var/run/saslauthd/cache.mmap
saslauthd[31589] :cache_init      : bucket size: 92 bytes
saslauthd[31589] :cache_init      : stats size : 36 bytes
saslauthd[31589] :cache_init      : timeout    : 28800 seconds
saslauthd[31589] :cache_init      : cache table: 944764 total bytes
saslauthd[31589] :cache_init      : cache table: 1711 slots
saslauthd[31589] :cache_init      : cache table: 10266 buckets
saslauthd[31589] :cache_init_lock : flock file opened at 
/var/run/saslauthd/cache.flock
saslauthd[31589] :detach_tty      : master pid is: 0
saslauthd[31589] :ipc_init        : listening on socket: 
/var/run/saslauthd/mux

# dpkg-statoverride --list /etc/sasldb2
cyrus sasl 660 /etc/sasldb2
# dpkg-statoverride --list /var/run/saslauthd
cyrus sasl 710 /var/run/saslauthd

# less /etc/group | grep cyrus
sasl:*:45:cyrus

# sasltestsuite
NOTE:
-For KERBEROS_V4 must be able to read srvtab file (usually /etc/srvtab)
-For GSSAPI must be able to read srvtab (/etc/krb5.keytab)
-For both KERBEROS_V4 and GSSAPI you must have non-expired tickets
-For OTP (w/OPIE) must be able to read/write opiekeys (/etc/opiekeys)
-For OTP you must have a non-expired secret
-Must be able to read sasldb, which needs to be setup with a.
  username and a password (see top of testsuite.c)


Checking plaintext passwords... Failed with: sasl_checkpass() failed on 
simple case
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list