[SOLVED] Re: old issue, again: "cyradm: cannot authenticate to server with DIGEST-MD5"

OpenMacNews cyrus-info.20.openmacnews at spamgourmet.com
Mon Dec 20 23:43:16 EST 2004 

hi,

after a bunch of digging  (who knew there were 238+ list messages re: this 
issue ... ?!), it seems that the error I was getting is _somehow_ related to 
(in my case) an undef'd ENV var, specifically:

	$PERL5LIBS

the Cyrus-IMAP build installs perl modules in based on '$PERLPREFIX' & 
'$SITEPREFIX' vars, which it picks up from PERL_MM_OPT.  checking, everything 
_is_ installed where it should be.  in my case, that dir is:

	/usr/local/perl_libs/sitelib/darwin-thread-multi-2level

wherein i find:
	% ls -R Cyrus
		Cyrus:
			IMAP  IMAP.pm  SIEVE
		Cyrus/IMAP:
			Admin.pm  IMSP.pm  Shell.pm
		Cyrus/SIEVE:
			managesieve.pm

if i set $PERL5LIBS to the perl modules' parent dir:

% setenv PERL5LIBS "/usr/local/perl_libs/sitelib/darwin-thread-multi-2level"

 ...


then, with, imapd.conf settings incl:

	sasl_pwcheck_method: auxprop
	sasl_auxprop_plugin: sasldb
	allowanonymouslogin: no
	allowplaintext: no
	sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
	sasl_auto_transition: no
	sasl_minimum_layer: 128
	sasl_maximum_layer: 1024
	tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
	tls_require_cert: 0
	tls_session_timeout: 0


i can (finally!) successfully login with cyradm:

%cyradm --auth DIGEST-MD5 --user testuser at mail.internal.testdomain.com --server 
mail.internal.testdomain.com --port 143
	Password:

mail.internal.testdomain.com> version

mail.internal.testdomain.com> version
	name       : Cyrus IMAPD
	version    : v2.2.10 2004/11/23 17:52:52
	vendor     : Project Cyrus
	support-url: http://asg.web.cmu.edu/cyrus
	os         : Darwin
	os-version : 7.7.0
	environment: Built w/Cyrus SASL 2.1.20
				 Running w/Cyrus SASL 2.1.20
				 Built w/Sleepycat Software: Berkeley DB 4.2.52: (December  9, 2004)
				 Running w/Sleepycat Software: Berkeley DB 4.2.52: (December  9, 2004)
				 Built w/OpenSSL 0.9.7e 25 Oct 2004
				 Running w/OpenSSL 0.9.7e 25 Oct 2004
				 CMU Sieve 2.2
				 TCP Wrappers
				 mmap = shared
				 lock = fcntl
				 nonblock = fcntl
				 auth = unix
				 idle = poll

one important note ... if you set 'sasl_minimum_layer' GREATER THAN '128 
(bits)', you'll get an error on login, e.g.:

	[SASL(-15): mechanism too weak for this user: mech DIGEST-MD5 is too weak]"

OTOH, @ <= 128 bits, all is OK, and TLS still works as advertised/expected.

the frustrating part of this is that a grep on PERL5LIB in either my cyrus-sasl 
or cyrus-imap src/doc trees comes back empty ... i'd love to know where this 
dependency comes from!


hope this helps someone else!

cheers,

richard




---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list