old issue, again: "cyradm: cannot authenticate to server with DIGEST-MD5"
OpenMacNews
cyrus-info.20.openmacnews at spamgourmet.com
Mon Dec 20 02:07:32 EST 2004
hi all,
i'm trying to login to administer via cyradm, but am failing at:
% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143
cyradm: cannot authenticate to server with DIGEST-MD5 as testuser
with logs =
Dec 19 23:00:21 master[1611]: process 1618 exited, status 0
Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd
Dec 19 23:00:34 imap[1622]: executed
Dec 19 23:00:34 imap[1622]: accepted connection
details follow here:
i've successfully created the admin user:
% echo test | saslpasswd2 -p -c -u mail.internal.testdomain.com testuser ;\
% sasldblistusers2
testuser at mail.internal.testdomain.com: userPassword
my imapd.conf is:
-------------------------------------------------------
admins: testuser
virtdomains: yes
postmaster: postmaster
defaultdomain: mail.internal.testdomain.com
servername: mail.internal.testdomain.com
configdirectory: /var/mail/imap
defaultpartition: default
partition-default: /var/mail/mailstore
sievedir: /var/mail/sieve/
sendmail: /usr/local/postfix/sbin/sendmail
loginrealms: localhost mail.internal.testdomain.com
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
allowanonymouslogin: no
allowplaintext: no
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_auto_transition: no
sasl_minimum_layer: 256
sasl_maximum_layer: 1024
######################
## TLS config
tls_ca_file: /var/security/my_CA_cert.pem
tls_cert_file: /var/security/testdomain.pem
tls_key_file: /var/security/testdomain_req.pem
tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
tls_require_cert: 0
tls_session_timeout: 0
autocreatequota: 10000
drachost: localhost
dracinterval: 0
poptimeout: 10
quotawarn: 90
reject8bit: no
timeout: 30
unixhierarchysep: yes
altnamespace: yes
sharedprefix: Shared Folders
userprefix: Other Folders
-------------------------------------------------------
my listeners are listening:
%netstat -an|grep LISTEN
tcp4 0 0 127.0.0.1.143 *.* LISTEN
tcp4 0 0 10.0.0.6.143 *.* LISTEN
i can telnet in to port 143:
% telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK mail.internal.testdomain.com Cyrus IMAP4 v2.2.10 server ready
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.
imtest via all allowed mechs authenticates as expected:
% imtest -t "" -p imap -m plain -a testuser -u testuser localhost
% imtest -t "" -p imap -m cram-md5 -a testuser -u testuser localhost
% imtest -t "" -p imap -m digest-md5 -a testuser -u testuser localhost
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5
AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN/CRAM-MD5/DIGEST-MD5
...
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
taking note of Ken Murchison's comments here:
# <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=17963>
# You can't turn plaintext off and specify PLAIN as the only SASL
# mechanism, because cyradm doesn't support SSL/TLS (which is the only way
# that PLAIN or IMAP LOGIN would be allowed with your config). Either
# allow plaintext, or add some other mechs (ie, CRAM-MD5) to the
# sasl_mech_list.
and trying:
% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143
results only in:
cyradm: cannot authenticate to server with DIGEST-MD5 as testuser
and the following in my cyrus-imap log:
Dec 19 23:00:21 master[1611]: process 1618 exited, status 0
Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd
Dec 19 23:00:34 imap[1622]: executed
Dec 19 23:00:34 imap[1622]: accepted connection
i _thought_ i'd found-n-followed the prior threads on this issue, making the
appropriate changes in imapd.conf, etc.
clearly, i've missed something ...
any suggestions? i'm stumped for the moment =^|
thanks!
richard
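
An added sketch, not part of the original post and not Cyrus code: it models which mechanisms from the posted sasl_mech_list stay usable for a client that connects without TLS (as the quoted comment says of cyradm) versus one that negotiates TLS first (as the imtest runs did). The per-mechanism SSF ceilings, and the rule that the TLS layer's strength counts toward sasl_minimum_layer, are assumptions based on stock Cyrus SASL behaviour; the function names are hypothetical.

```python
# Assumed maximum security-layer strength (SSF) each mechanism can negotiate
# on its own in stock Cyrus SASL: PLAIN/LOGIN/CRAM-MD5 none, DIGEST-MD5 <= 128.
MECH_MAX_SSF = {"PLAIN": 0, "LOGIN": 0, "CRAM-MD5": 0, "DIGEST-MD5": 128}
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed excerpt of the imapd.conf posted above (SASL-related keys only).
POSTED_CONF = """\
allowplaintext: no
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_minimum_layer: 256
sasl_maximum_layer: 1024
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def is_yes(value):
    return value.lower() in ("yes", "on", "true", "t", "1")

def offered_mechs(conf, external_ssf):
    """Mechanisms usable given the transport's SSF (0 means no TLS)."""
    min_layer = int(conf.get("sasl_minimum_layer", "0"))
    # Missing key is treated as "no" in this sketch only.
    allow_plain = is_yes(conf.get("allowplaintext", "no"))
    # SSF the SASL mechanism itself must still supply once TLS is counted.
    needed = max(0, min_layer - external_ssf)
    usable = []
    for mech in conf.get("sasl_mech_list", "").upper().split():
        if mech not in MECH_MAX_SSF:
            continue  # mechanism not modelled here
        if mech in PLAINTEXT_MECHS and external_ssf == 0 and not allow_plain:
            continue  # cleartext password, no TLS, allowplaintext: no
        if MECH_MAX_SSF[mech] < needed:
            continue  # cannot reach sasl_minimum_layer by itself
        usable.append(mech)
    return usable

if __name__ == "__main__":
    conf = parse_conf(POSTED_CONF)
    print("no TLS :", offered_mechs(conf, 0))
    print("TLS 256:", offered_mechs(conf, 256))
    print("no TLS, sasl_minimum_layer 0:",
          offered_mechs(dict(conf, sasl_minimum_layer="0"), 0))
```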