pam+cyrus failed to authenticate

sam wun sam.wun at authtec.net
Tue Nov 16 03:13:37 EST 2004


Simon Matter wrote:

>>Hi,
>>
>>I got cyrus-imap2.2 and cyrus-sasl2.1.20 with saslauthd2 compiled in
>>FreeBSD 5.3.
>>I can successfully login with the following cyradm command:
>># cyradm -u cyrus --server gateway.mydom.com --auth plain
>>Password:
>>IMAP Password:
>>            gateway.mydom.com>
>>The log corresponding to the above cyradm command is:
>>
>>Nov 16 06:06:43 gateway imap[73636]: badlogin: gateway.mydom.com
>>[192.168.4.88] PLAIN [SASL(-16): encryption needed to use mechanism:
>>security flags do not match required]
>>Nov 16 06:06:46 gateway perl: No worthy mechs found
>>Nov 16 06:06:50 gateway imap[73636]: login: gateway.mydom.com
>>[192.168.4.88] cyrus plaintext User logged in
>>
>>I can see there is some problem here even though cyradm login
>>successfully, but the second log message indicated that cyrus is logged
>>in.
>>Then, I also added bob at mydom.com user account using the cyradm admin
>>shell.
>>
>>I further test the cyrus server by adding user at domain.com to the
>>imap.password file:
>>pwadd -a bob at mydom.com
>
>I'm not sure this will work. IIRC with pam you have to use 'saslauth
>-r' to make it not remove everything behind @.
Thanks, it works from external mail client (mozilla).
The log msg is:
Nov 16 07:32:06 gateway imap[73957]: login: [192.168.4.235] 
abc.xyz at mydom.com plaintext User logged in

But the following imtest command failed when I test it in the gateway as 
root:
imtest -m plaintext -v -a bob at mydom.com
The error log is:
Nov 16 07:30:17 gateway imap[73953]: badlogin: localhost.mydom.com [::1] 
PLAIN [SASL(-16): encryption needed to use mechanism: security flags do 
not match required]

Thanks
Sam

>Simon
>
>># cat imap.passwd
>>abc.xyz at mydom.com:$1$OxTrXXu7$SPv0UCpp4BuyFGy6uQkBn1
>>cyrus:$1$EUHsnXCc$qpuk26X8VPQnIifMbnap6.
>>bob at mydom.com:$1$3gb6Wviv$0zrfF91CdEd3IlI7c62QQ1
>>
>>But imtest failed with the following message:
>>
>>Nov 16 06:05:16 gateway saslauthd[73020]: user not found in password
>>database
>>Nov 16 06:05:16 gateway imap[73621]: badlogin: gateway.mydom.com
>>[192.168.4.88] plaintext bob at mydom.com SASL(-13): authentication
>>failure: checkpass failed
>>
>>I searched google, but found not much useful information.
>>Can anyone tell me how to fix this problem?
>>
>>I have saslauthd started with -a pam.
>>imapd.conf is defined with the option:
>>sasl_pwcheck_method: saslauthd
>>
>>Thanks
>>Sam


-- 
Senior Security Architect/Consultant
AuthTec Gateway Limited
Mobile: +852 9839 2464
Email: sam.wun at authtec.net
Website: http://www.authtec.com


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
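
A log-triage sketch for the failures in this thread, as an added example that is not part of the original messages: it rejoins wrapped syslog records and maps the two SASL result codes seen above to their sasl.h names. The sample log is constructed from the lines quoted in the thread, and the "+TLS" mechanism suffix is an assumption about how a TLS-protected login is logged.

```python
import re

# SASL result codes as named in Cyrus SASL's sasl.h
SASL_CODES = {-13: "SASL_BADAUTH", -16: "SASL_ENCRYPT"}

# Constructed sample modelled on the log lines in this thread, wrapped the way
# the mail wrapped them ("@" written out; the archive renders it as " at ").
SAMPLE = """\
Nov 16 06:05:16 gateway saslauthd[73020]: user not found in password
database
Nov 16 06:05:16 gateway imap[73621]: badlogin: gateway.mydom.com
[192.168.4.88] plaintext bob@mydom.com SASL(-13): authentication
failure: checkpass failed
Nov 16 06:06:43 gateway imap[73636]: badlogin: gateway.mydom.com
[192.168.4.88] PLAIN [SASL(-16): encryption needed to use mechanism:
security flags do not match required]
Nov 16 07:32:06 gateway imap[73957]: login: [192.168.4.235]
bob@mydom.com plaintext User logged in
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(r"imap\[\d+\]: (badlogin|login): .*?\[([^\]]+)\] (.*)$")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (kind, client, detail) for each imapd authentication event."""
    out = []
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue  # not an imapd login/badlogin record (e.g. saslauthd)
        kind, client, rest = m.groups()
        if kind == "badlogin":
            c = re.search(r"SASL\((-?\d+)\)", rest)
            name = SASL_CODES.get(int(c.group(1)), c.group(0)) if c else "no SASL code"
            out.append((kind, client, name))
        else:
            user, mech = rest.split()[:2]
            # Assumption: a TLS-protected session logs the mechanism with "+TLS".
            out.append((kind, client, f"{user} cleartext={'+TLS' not in mech}"))
    return out
```
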