Configuration help for auxprop/sasldb authentication

John Gibson gib at edgate.com
Wed Mar 10 05:03:51 EST 2004 

Hi, all.

Jr. Newbie here.  Please point me in the right direction if possible.  :)

I can't seem to get past "user not found" to enable me to login to the 
IMAP server.

My objective is to authenticate and login using the imap admin user.  I 
would like to use what (I thought) would be the easiest configuration. 
 All users and passwords would be contained in a Berkeley db.  The IMAP 
server would verify user/pass against entries in that database.

Any help would be appreciated.

...john

*** DETAIL ***
System  Redhat Enterprise 3  plain-vanilla.  RPMs were used  
http://www.invoca.ch/pub/packages/cyrus-imapd/cyrus-imapd-2.2.3-8.src.rpm
(Thank you Simon Matter) ... I originally compiled from source code, but 
could not get the cyradm to run properly.

I understand that the /etc/imapd.conf can be the single source of 
configuration for the IMAP server (including SASL configuration).  Is 
there a configuration detail that I need to load the "sasldb" auxprop ?


/etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: rat
sasl_pwcheck_method: auxprop
servername: Edgate
tls_cert_file: /etc/cyrus/cyrus.pem
tls_key_file: /etc/cyrus/cyrus.pem

[root at apollo RPMS]# strings /etc/sasldb2
Rat_F1nk
apollo
userPassword
[root at apollo RPMS]#

[root at apollo RPMS]# imtest -s -u rat -a rat -w Rat_F1nk -m plain apollo
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK Edgate Cyrus IMAP4 v2.2.3-Invoca-RPM-2.2.3-8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR 
LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN cmF0AHJhdABSYXRfRjFuaw==
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 256
C: Q01 LOGOUT
Connection closed.

[root at apollo RPMS]# cat /var/log/auth.log
Mar 10 09:17:46 apollo imaps[2804]: Password verification failed
[root at apollo RPMS]#

[root at apollo RPMS]# ls -lat /etc/sasl*
-rwxrwxrwx    1 root     root        12288 Mar 10 07:41 /etc/sasldb2
[root at apollo RPMS]#


***** my reference ****
 From cyrus-imapd-2.2.3/doc/install-auth.html
Configuring Authentication

Cyrus SASL has a number of options that can be configured by the 
application. To configure these via imapd.conf, simply prefix the 
appropriate option name with sasl_ (e.g. pwcheck_method becomes 
sasl_pwcheck_method).
/etc/sasldb2

The easiest method for authenticating users is to use the libsasl 
authentication database and create users using the "saslpasswd2" 
utility. Set "sasl_pwcheck_method: auxprop", and be sure that the SASL 
sasldb auxprop module is installed (it is, by default). Make sure Cyrus 
can read "/etc/sasldb2

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list