Cyrus-POP & SASL2 auxprop work together ?
Peter Markom
peter at markom.at
Fri Aug 6 05:07:12 EDT 2004
Hello,
I submit my question a second time since I do not find the problem. I
suppose it to be something simple which could easily be overlooked. Maybe
it is related to the virtual-domains, but I checked the manual/Howto/faq
various times. I also thought about something that has to do with
permissions / access-rights ?
Any suggestion would be highly appreciated.
Problem is: I can not authenticate imap/pop-users using auxprop and
/etc/sasldb2
On the same machine runs postfix and authentication via TLS and
SASL/auxprop works fine. So I can send mails but can not retrieve mails
via pop/imap.
When trying to do so, /var/log/messages reads like below when trying to
authenticate via login & tls
Aug 2 00:00:23 master master[23882]: about to exec /usr/lib/cyrus/bin/pop3d
Aug 2 00:00:23 master pop3[23882]: executed
Aug 2 00:00:23 master pop3[23882]: accepted connection
Aug 2 00:00:23 master pop3[23882]: TLS server engine: cannot load CA data
Aug 2 00:00:23 master pop3[23882]: TLS server engine: No CA file specified. Client side certs may not work
Aug 2 00:00:23 master pop3[23882]: mystore: starting txn 2147483650
Aug 2 00:00:23 master pop3[23882]: mystore: committing txn 2147483650
Aug 2 00:00:23 master pop3[23882]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Aug 2 00:00:26 master pop3[23882]: badlogin: [212.166.101.83] LOGIN user not found
or else via plaintext & tls
Aug 2 00:12:49 master master[23899]: about to exec /usr/lib/cyrus/bin/pop3d
Aug 2 00:12:49 master pop3[23899]: executed
Aug 2 00:12:49 master pop3[23899]: accepted connection
Aug 2 00:12:49 master pop3[23899]: TLS server engine: cannot load CA data
Aug 2 00:12:49 master pop3[23899]: TLS server engine: No CA file specified. Client side certs may not work
Aug 2 00:12:50 master pop3[23899]: mystore: starting txn 2147483658
Aug 2 00:12:50 master pop3[23899]: mystore: committing txn 2147483658
Aug 2 00:12:50 master pop3[23899]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Aug 2 00:12:50 master pop3[23899]: badlogin: [212.166.101.83] plaintext nospam SASL(-13): user not found: checkpass failed
I run cyrus-imapd-2.2.3 on SuSE Linux 9.1. There is a whole lot of other
cyrus / sasl rpm's installed:
cyrus-sasl-2.1.18-29
cyrus-imapd-2.2.3-79
cyrus-sasl-crammd5-2.1.18-29
cyrus-sasl-digestmd5-2.1.18-29
cyrus-sasl-otp-2.1.18-29
cyrus-sasl-devel-2.1.18-29
cyrus-sasl-gssapi-2.1.18-29
cyrus-sasl-plain-2.1.18-29
The user in question is listed with sasldblistusers2 (and works when
sending mails).
/etc/imapd.conf reads like:
<...>
sasl_pwcheck_method: auxprop
sasl_mech_list: login plain
allowplaintext: yes
virtdomains: yes
defaultdomain: koordinaten.at
tls_cert_file: /var/lib/imap/server.pem
tls_key_file: /var/lib/imap/server.pem
<...>
# ls -l /etc/sasldb2
-rw-r----- 1 cyrus mail 12288 Jul 28 00:11 /etc/sasldb2
master:~ # sasldblistusers2
nospam at koordinaten.at: userPassword
root at master.koordinaten.at: userPassword
cyrus at master.koordinaten.at: userPassword
master:~ #
master:~ # cyradm localhost
IMAP Password:
localhost> lm
user.nospam (\HasNoChildren)
I test using Opera 7.23 with the following configuration:
Server: POP (port: 110)
enable TLS: yes
username: nospam%markom.at (also tried nospam at markom.at - same result)
Authentication: AUTH LOGIN (also tried "plaintext" - same result)
When updating passwords with saslpasswd2 there is a strange message in
/var/log/messages (although the user is created and/or password changed):
Aug 3 21:55:55 master saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
I could not find any useful explanation to that message - it still feels
harmless to me (?)
/etc/cyrus.conf:
imap cmd="imapd" listen="imap" prefork=0
# imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3s cmd="pop3d -s" listen="pop3s" prefork=0
# sieve cmd="timsieved" listen="sieve" prefork=0
saslauthd is not running (and should not be necessary according to FAQ ?)
I suppose that in some way the authentication mechanism is not ok or not
supported - but I can't figure out any details about it - and may also be
completely misdirected.
So if anyone could give me a clue, it would be most appreciated (as
likewise any hint on how to make imapd more verbose for debugging).
thanks & regards
Peter
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html