Strange problem authenticating
Nikola Milutinovic
Nikola.Milutinovic at ev.co.yu
Fri Jun 4 08:38:17 EDT 2004
Here is a strange one.
I have 3 machines.
1 (Mercury): Cyrus IMAP 2.1.13, Cyrus SASL 2.1.13, Tru64 UNIX 4.0D
2 (EDKI): Cyrus IMAP 2.1.13, Cyrus SASL 2.1.15, Tru64 UNIX 4.0D
3 (Legba): Cyrus IMAP 2.2.5, Cyrus SASL 2.1.18, Tru64 UNIX 5.1B
Machines 1 and 2 are working fine, "cyradm" and "imtest" are working and
authenticating with PLAIN, CRAM-MD5 and DIGEST-MD5.
From machine 3 I cannot use "cyradm" and "imtest" to machines 1 and 2
as I would like. Firstly, CRAM-MD5 and DIGEST-MD5 do not work at all and
PLAIN works from cyradm, but not from imtest.
This is a sample session from machine 3.
Papa-Legba:/n# ./imtest -u root -a root -v -m DIGEST-MD5 -r
EDKI.ki.ev.co.yu EDKI.ki.ev.co.yu
S: * OK EDKI.ki.ev.co.yu Cyrus IMAP4 v2.1.13 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=OTP AUTH=NTLM
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
Authentication failed. no mechanism available
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.
Papa-Legba:/# ./imtest -u root -a root -v -m CRAM-MD5 -r
EDKI.ki.ev.co.yu EDKI.ki.ev.co.yu
S: * OK EDKI.ki.ev.co.yu Cyrus IMAP4 v2.1.13 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=OTP AUTH=NTLM
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
Authentication failed. no mechanism available
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.
Papa-Legba:/# ./imtest -u root -a root -v -m PLAIN -r EDKI.ki.ev.co.yu
EDKI.ki.ev.co.yu
S: * OK EDKI.ki.ev.co.yu Cyrus IMAP4 v2.1.13 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=OTP AUTH=NTLM
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.
The log on the target machine says:
Jun 4 14:52:20 EDKI imapd[23999]: badlogin:
Papa-Legba.ev.co.yu[192.168.61.19] PLAIN [SASL(-4): no mechanism
available: security flags do not match required]
The funny thing is, "cyradm" will go:
Papa-Legba:/# ./cyradm --user root --auth PLAIN edki.ki.ev.co.yu
Password:
IMAP Password:
edki.ki.ev.co.yu>
The log says:
Jun 4 14:58:49 EDKI imapd[23247]: login:
Papa-Legba.ev.co.yu[192.168.61.19] root plaintext
I've tried truss-ing the "cyradm" session. I can see all SASL mechs
being detected and loaded (both *.la and *.so files). All dependent
libraries are also loaded (SSL, BDB-4.2, OSF/1 system,...). I see no
errors, other than "no mechanism".
What can I do to test further and (hopefully) nail the root cause?
Nix.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
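An added triage example (not part of the original post, and not Cyrus code): it reads an imtest transcript like the ones above and reports whether a mechanism was refused before any AUTHENTICATE left the client, or by the server. `advertised_mechs` and `triage` are hypothetical helper names, and the two sample sessions are abridged from the post.

```python
import re

# Constructed input: the DIGEST-MD5 and PLAIN imtest sessions from the post,
# abridged (capability list shortened, e-mail line wrapping kept).
DIGEST_SESSION = """\
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE STARTTLS AUTH=OTP AUTH=NTLM
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
Authentication failed. no mechanism available
"""
PLAIN_SESSION = """\
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE STARTTLS AUTH=OTP AUTH=NTLM
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
"""

def advertised_mechs(transcript):
    """Collect AUTH= atoms from the CAPABILITY response, including wrapped lines."""
    mechs, in_caps = set(), False
    for line in transcript.splitlines():
        if line.startswith("S: * CAPABILITY"):
            in_caps = True
        elif re.match(r"[SC]: ", line):
            in_caps = False  # the next protocol line ends the response
        if in_caps:
            mechs.update(m.upper() for m in re.findall(r"\bAUTH=(\S+)", line))
    return mechs

def triage(transcript, mech):
    """Report which side refused `mech` (hypothetical helper, not part of imtest)."""
    mech = mech.upper()
    offered = mech in advertised_mechs(transcript)
    sent = re.search(rf"^C: \S+ AUTHENTICATE {re.escape(mech)}\b", transcript, re.M | re.I)
    refused = re.search(r"^S: [^*\s]\S* NO\b", transcript, re.M)
    if not offered:
        return ("server", "mechanism not in this session's CAPABILITY list")
    if not sent:
        return ("client", "advertised, but no AUTHENTICATE left the client")
    if refused:
        return ("server", "advertised and attempted, server answered NO")
    return ("none", "no refusal seen")

if __name__ == "__main__":
    print(triage(DIGEST_SESSION, "DIGEST-MD5"), triage(PLAIN_SESSION, "PLAIN"))
```

On these transcripts the DIGEST-MD5 failure is attributed to the client side and the PLAIN failure to the server side, since AUTH=PLAIN does not appear in the capability list shown.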