Authentication error

Christiano Anderson anderson at debian-rs.org
Fri Jan 9 10:35:50 EST 2004



--------------------------- Mensagem Original ----------------------------
Assunto: Re: [Fwd: Re: Authentication error]
De:      "Marlon Dutra" <marlon at propus.com.br>
Data:    Sex, Janeiro 9, 2004 12:56 pm
Para:    info-cyrus at lists.andrew.cmu.edu
--------------------------------------------------------------------------

Hi,

FYI, I'm working with Christiano.

> This is because cyradm will pick the most secure authentication
> mechanism that the server advertises (e.g. DIGEST-MD5), and all of the
non-plaintext mechanisms require that you have the user's secret stored
in an auxprop plugin backend (e.g. sasldb).  If you only want to use
plaintext passwords via saslauthd, set your imapd.conf options to:

> sasl_mech_list: PLAIN LOGIN
> sasl_pwcheck_method: saslauthd

We've done that, but the problem still.

When I type 'cyradm -u cyrus localhost' and hit ENTER, cyrus logs the
following:

--
Jan  9 10:45:47 ldap master[3421]: about to exec /usr/cyrus/bin/imapd Jan 
9 10:45:47 ldap imap[3421]: executed
Jan  9 10:45:47 ldap imapd[3421]: accepted connection
--

When I type the password, I get this:

Jan  9 10:45:51 ldap master[3414]: process 3421 exited, signaled to death
by 11

The child process, likely imapd, is death with signal 11.

If I strace that process, it gets a SIGSEV. Take a look:

--
...
getpeername(12, {sin_family=AF_INET, sin_port=htons(389),
sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0
brk(0x812d000)                          = 0x812d000
brk(0x8130000)                          = 0x8130000
time([1073659944])                      = 1073659944
getpid()                                = 3455
rt_sigaction(SIGPIPE, {0x402b9f48, [], 0x4000000}, {SIG_IGN}, 8) = 0
send(10, "<37>Jan  9 10:52:24 imapd[3455]:"..., 54, 0) = 54
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
--- SIGSEGV (Segmentation fault) ---
--

The same problem happens if I try to login directly via IMAP or via POP3.

By debugging sasl, it says that authentication is OK, and there is no any
problem.

> Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would
allow you use any SASL mech with your LDAP installation.

Actually we're using sasl authenticating against PAM. PAM is using LDAP
for all the system.

Any idea?

PS: we have the same problem in two different machines, and they are too
different (hardware). One of them is using the kernel 2.4.24 and the other
one is using 2.4.23.

We've tried both Debian packages and the source from Cyrus' website.

-- 
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/


!DSPAM:3ffec94a215402101913504!






-- 
Christiano Anderson <anderson at propus.com.br>
Propus Informatica
http://www.propus.com.br




More information about the Info-cyrus mailing list