LOGIN & PLAIN auth OK; CRAM-MD5 & DIGEST-MD5 fail w/ "no mechanism available: security flags do not match required"

OpenMacNews cyrus-info.20.openmacnews at spamgourmet.com
Tue Nov 2 19:20:40 EST 2004 

hi all,

one step at a time with this business ... =)

i've:

	Cyrus-SASL-2.1.9
	Cyrus-IMAP-2.2.8

built on OSX.

after verifying that my imtest etc. are actually linked to the RIGHT libsasl (previous post), i can verify LOGIN AUTH works:

	% imtest -t "" -m LOGIN -u siteadmin at testserver.testdomain.com -a siteadmin at testserver.testdomain.com -p imap testserver.testdomain.com

		S: C01 OK Completed
		Please enter your password:
		C: L01 LOGIN siteadmin at testserver.testdomain.com {6}
		S: + go ahead
		C: <omitted>
		S: L01 OK User logged in
		Authenticated.
		Security strength factor: 256

as well as PLAIN AUTH w/ a TLS WRAPPER

	% imtest -t "" -m PLAIN -u siteadmin at testserver.testdomain.com -a siteadmin at testserver.testdomain.com -p imap testserver.testdomain.com

		S: C01 OK Completed
		Please enter your password:
		C: A01 AUTHENTICATE PLAIN c2l0ZbmNlLWdyb3VwLm5lHJlc2pbkB0aVuY2UWFkbWluQHRpZWRnYXIuaW50ZXJuYWwucmFsLnByZXNltZ3JvdXAubmV0AHNpdGVhZG1WVkZ2FyLmludGVybdABDSEFOR0U=
		S: A01 OK Success (tls protection)
		Authenticated.
		Security strength factor: 256

BUT, neither CRAM-MD5 nor DIGEST-MD5 seem to work:

	% imtest -t "" -m CRAM-MD5 -u siteadmin at testserver.testdomain.com -a siteadmin at testserver.testdomain.com -p imap testserver.testdomain.com

		S: C01 OK Completed
		C: A01 AUTHENTICATE CRAM-MD5
		S: A01 NO no mechanism available
		Authentication failed. generic failure
		Security strength factor: 256

	% imtest -t "" -m DIGEST-MD5 -u siteadmin at testserver.testdomain.com -a siteadmin at testserver.testdomain.com -p imap testserver.testdomain.com

		S: C01 OK Completed
		C: A01 AUTHENTICATE DIGEST-MD5
		S: A01 NO no mechanism available
		Authentication failed. generic failure
		Security strength factor: 256

tailing system.log, i see:


	imap[892]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
imap[893]: badlogin: testserver.testdomain.com [10.0.0.1] CRAM-MD5 [SASL(-4): no mechanism available: security flags do not match required]

	imap[899]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
imap[900]: badlogin: testserver.testdomain.com [10.0.0.1] DIGEST-MD5 [SASL(-4): no mechanism available: security flags do not match required]

, respectively.

checking in my SASL plugin dir (/usr/local/cyrus-sasl/lib/sasl2) it looks as if all the appropriate modules are there ...

i'm a mite confused as to why ONE mechanism IS available (PLAIN), and the others are not.

pointers in the right direction?

thx,

richard
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list