Cyrus sasl authentication problem

Ken Murchison ken at oceana.com
Thu Dec 16 11:06:10 EST 2004


Wilson, Dave wrote:

> ./saslauthd -a getpwent -d
> saslauthd[6583] :main            : num_procs  : 5
> saslauthd[6583] :main            : mech_option: NULL
> saslauthd[6583] :main            : run_path   : /var/state/saslauthd
> saslauthd[6583] :main            : auth_mech  : getpwent
> saslauthd[6583] :ipc_init        : using accept lock file: /var/state/saslauthd/mux.accept
> saslauthd[6583] :detach_tty      : master pid is: 0
> saslauthd[6583] :ipc_init        : listening on socket: /var/state/saslauthd/mux
> saslauthd[6583] :main            : using process model
> saslauthd[6583] :have_baby       : forked child: 6584
> saslauthd[6583] :have_baby       : forked child: 6585
> saslauthd[6583] :have_baby       : forked child: 6586
> saslauthd[6583] :have_baby       : forked child: 6587
> saslauthd[6583] :get_accept_lock : acquired accept lock
> saslauthd[6583] :rel_accept_lock : released accept lock
> saslauthd[6584] :get_accept_lock : acquired accept lock
> saslauthd[6583] :do_auth         : auth failure: [user=pcs] [service=imap] [realm=] [mech=getpwent]
> [reason=Unknown]
> saslauthd[6583] :do_request      : response: NO

I assume that you are running saslauthd as root, that /etc/passwd is 
readable by root and that you actually have passwords in /etc/passwd (as 
opposed to /etc/shadow)?


> 
> 
>>-----Original Message-----
>>From: Ken Murchison [mailto:ken at oceana.com]
>>Sent: Thursday, December 16, 2004 10:45 AM
>>To: Wilson, Dave
>>Cc: info-cyrus at lists.andrew.cmu.edu
>>Subject: Re: Cyrus sasl authentication problem
>>
>>
>>Wilson, Dave wrote:
>>
>>
>>>This didn't work either:
>>
>>What does the SASL debug log look like?
>>
>>
>>
>>>./imtest -m login -a pcs localhost
>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
>>>C: C01 CAPABILITY
>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
>>
>>MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_
>>
>>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
>>
>>THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMOR
>>
>>>E IDLE
>>>S: C01 OK Completed
>>>Please enter your password:
>>>C: L01 LOGIN pcs {3}
>>>S: + go ahead
>>>C: <omitted>
>>>S: L01 NO Login failed: no mechanism available
>>>Authentication failed. generic failure
>>>Security strength factor: 0
>>>
>>>This is my imapd.conf:
>>>
>>>configdirectory: /u01/imap
>>>partition-default: /u01/spool/imap
>>>admins: pcs root
>>>sasl_pwcheck_method: saslauthd
>>>sasl_mech_list: PLAIN
>>>allowplaintext: 1
>>>defaultdomain: pactolus
>>>imapidlepoll: 15
>>>
>>>I have saslauthd running: ./saslauthd -a getpwent
>>>
>>>Any other ideas?
>>>
>>>Dave
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Ken Murchison [mailto:ken at oceana.com]
>>>>Sent: Thursday, December 16, 2004 9:53 AM
>>>>To: Wilson, Dave
>>>>Cc: 'info-cyrus at lists.andrew.cmu.edu'
>>>>Subject: Re: Cyrus sasl authentication problem
>>>>
>>>>
>>>>Wilson, Dave wrote:
>>>>
>>>>
>>>>
>>>>>I'm using Cyrus with sasl, using auth method getpwent:
>>>>>
>>>>>./saslauthd -d -a getpwent
>>>>>
>>>>>I then use imtest:
>>>>>
>>>>>./imtest -m login -u pcs localhost
>>>>
>>>>This should be:
>>>>
>>>>./imtest -m login -a pcs localhost
>>>>
>>>>
>>>>
>>>>
>>>>>S: * OK pcs-pfni-01 Cyrus IMAP4 v2.2.10 server ready
>>>>>C: C01 CAPABILITY
>>>>>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
>>
>>MAILBOX-REFERRALS
>>
>>>>>NAMESPACE UIDPLUS ID NO_ATOMIC_
>>>>>RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
>>>>
>>>>THREAD=ORDEREDSUBJECT
>>>>
>>>>
>>>>>THREAD=REFERENCES ANNOTATEMOR
>>>>>E IDLE AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
>>>>>S: C01 OK Completed
>>>>>Please enter your password:
>>>>>C: L01 LOGIN root {3}
>>>>>S: + go ahead
>>>>>C: <omitted>
>>>>>S: L01 NO Login failed: authentication failure
>>>>>Authentication failed. generic failure
>>>>>Security strength factor: 0
>>>>>
>>>>>The debug log from sasl is:
>>>>>
>>>>>saslauthd[5293] :main            : num_procs  : 5
>>>>>saslauthd[5293] :main            : mech_option: NULL
>>>>>saslauthd[5293] :main            : run_path   : 
>>
>>/var/state/saslauthd
>>
>>>>>saslauthd[5293] :main            : auth_mech  : getpwent
>>>>>saslauthd[5293] :ipc_init        : using accept lock file:
>>>>>/var/state/saslauthd/mux.accept
>>>>>saslauthd[5293] :detach_tty      : master pid is: 0
>>>>>saslauthd[5293] :ipc_init        : listening on socket:
>>>>>/var/state/saslauthd/mux
>>>>>saslauthd[5293] :main            : using process model
>>>>>saslauthd[5293] :have_baby       : forked child: 5294
>>>>>saslauthd[5293] :have_baby       : forked child: 5295
>>>>>saslauthd[5293] :have_baby       : forked child: 5296
>>>>>saslauthd[5293] :have_baby       : forked child: 5297
>>>>>saslauthd[5293] :get_accept_lock : acquired accept lock
>>>>>saslauthd[5293] :rel_accept_lock : released accept lock
>>>>>saslauthd[5294] :get_accept_lock : acquired accept lock
>>>>>saslauthd[5293] :do_auth         : auth failure: 
>>>>
>>>>[user=root] [service=imap]
>>>>
>>>>
>>>>>[realm=] [mech=getpwent]
>>>>>[reason=Unknown]
>>>>>saslauthd[5293] :do_request      : response: NO
>>>>>saslauthd[5294] :rel_accept_lock : released accept lock
>>>>>saslauthd[5295] :get_accept_lock : acquired accept lock
>>>>>saslauthd[5294] :do_auth         : auth failure: 
>>>>
>>>>[user=root] [service=imap]
>>>>
>>>>
>>>>>[realm=] [mech=getpwent]
>>>>>[reason=Unknown]
>>>>>saslauthd[5294] :do_request      : response: NO
>>>>>
>>>>>Why does this have user=root?  More generally, why is the 
>>>>
>>>>authentication
>>>>
>>>>
>>>>>failing?
>>>>>
>>>>>Thanks
>>>>>Dave
>>>>>
>>>>>---
>>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>>
>>>>
>>>>
>>>>-- 
>>>>Kenneth Murchison     Oceana Matrix Ltd.
>>>>Software Engineer     21 Princeton Place
>>>>716-662-8973 x26      Orchard Park, NY 14127
>>>>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>>>>
>>>
>>>
>>>---
>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>>
>>-- 
>>Kenneth Murchison     Oceana Matrix Ltd.
>>Software Engineer     21 Princeton Place
>>716-662-8973 x26      Orchard Park, NY 14127
>>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>>
> 
> 
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list