AUTH CRAM-MD5 FAILD When LOGIN CYRUS-IMAPD SERVER.

Wang Penghui wangpenghui at realss.com
Sun Jul 11 22:45:33 EDT 2004 

Hi,all.

I have a mail server which built with cyrus-imapd postfix openldap 
cyrus-sasl under gentoo linux. When login with the php function 
"imap_open", it will fail with a error follow, i have recorded the 
streams send and received within the client and server.

That's the message what i have recorded:

* OK mail.garage.com Cyrus IMAP4 v2.2.3-Gentoo server ready
00000000 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
STARTTLS AUTH=NTLM
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
00000000 OK Completed
00000001 AUTHENTICATE CRAM-MD5
+ PDk3MTMzMTAxNi4xNTgxOTQ1MkBEb2xwaGluPg==
d2FuZ3BlbmdodWkgMmU0NzRjMzkyNzcyZGZkMGM0OWZlODU1NTllZTEyNjM=
00000001 NO user not found

It looks like that the CRAM-MD5 authenticate have faild.

But when i use mozilla-thunderbird to access the imap folders, it works 
well.
Here's the streams i have recorded for it:

* OK mail.garage.com Cyrus IMAP4 v2.2.3-Gentoo server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
STARTTLS AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT 
LIST-SUBSCRIBED X-NETSCAPE
1 OK Completed
2 login "username" "passwd"
2 OK User logged in

It works well. But not use the CRAM-MD5 authenticate.

And Some of my configuration files are:

=====IMAPD.conf======
configdirectory:        /var/imap
partition-default:      /var/spool/imap
sievedir:               /var/imap/sieve
tls_cert_file:          /etc/cyrusimapd/server.crt
tls_key_file:           /etc/cyrusimapd/server.key
admins:                 cyrus
hashimapspool:          yes
allowanonymouslogin:    no
allowplaintext:         yes
unixhierarchysep:       0
servername:             mail.garage.com
sasl_pwcheck_method:    saslauthd
mech_list: plain login
sendmail: /usr/sbin/sendmail
=========================

======saslauth.conf======
ldap_servers: ldap://localhost/
ldap_bind_dn: cn=Manager, dc=eoa, dc=cn
ldap_bind_pw: dolphin
ldap_search_base: ou=Realss, dc=eoa, dc=cn
ldap_version: 3
==========================

=====/etc/conf.d/saslauthd=======
SASL_AUTHMECH=ldap
[ -n ${SASL_AUTHMECH} ] && \
        SASLAUTHD_OPTS="-a ${SASL_AUTHMECH}"
=================================

And my soft version was:

cyrus-sasl 2.1.18
cyrus-imapd 2.2.3
cyrus-imap-admin 2.2.3


I think that maybe i could remove the MD5 auth or configure the MD5 auth 
correctly.
But i really dont know how to implement it, Could someone pick me up a 
doc or howto.

Thank you in advance!

Wang Penghui
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list