authentification problems with imtest

[Ken Murchison]

Thomas Vogt wrote:

> Hi
> 
> I'm very confused with sasl and cyrus. All my users are in a ldap
> database. 
> 
> I can't authenticate with imtest. I searched the mailing list archiv.
> 
> My enviroment ist very basic.
> 
> my saslauth.conf
> ldap_servers: ldap://soho
> ldap_search_base: ou=people,ou=lan,dc=lan,dc=ch
> ldap_filter: (|(uid=%u)(mailacceptinggeneralid=%u))
> 
> My ldap works.
> 
> soho# testsaslauthd -u sohotest -p testsoho
> 0: OK "Success.
> 
> But when I try to do imtest it doesn't work
> 
> soho# imtest -m plain -a sohotest -w testsoho
> WARNING: no hostname supplied, assuming localhost
> 
> S: * OK soho Cyrus IMAP4 v2.2.10 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> LISTEXT LIST-SUBSCRIBED
> S: C01 OK Completed
> C: A01 AUTHENTICATE PLAIN
> S: A01 NO encryption needed to use mechanism
> Authentication failed. generic failure
> Security strength factor: 0
> 
> and the logfile shows:
> Dec  8 12:33:35 soho imap[52411]: badlogin: localhost [127.0.0.1] PLAIN
> [SASL(-16): encryption needed to use mechanism: security flags do not
> match required]

This is telling you that the PLAIN mechanism is not available (notice 
that you have no 'AUTH=xxx' capabilities advertised) unless a security 
layer is in place (e.g. TLS).  SInce STARTTLS isn't advertised, you 
don't have it configured.  You could test your config using the IMAP 
LOGIN command:

imtest -m login -a sohotest -w testsoho

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html