cyrus password no longer authenticates to server

Simon Matter simon.matter at ch.sauter-bc.com
Mon Aug 8 10:53:34 EDT 2005


>
> On Aug 8, 2005, at 12:14 AM, Simon Matter wrote:
>
>>> I had a working cyrus-imapd installation and had successfully added
>>> an account in the following way.
>>>
>>> # First set password for cyrus account
>>> saslpasswd cyrus
>>>
>>
>> With your config below, I don't thing you are using sasldb. So why
>> set a
>> password in sasldb/sasldb2?
> The mail server i am using is a project called open-xchange and i
> believe sasl is being used as a medium to communicate with ldap, here
> are two files that make this communication possible through the
> saslauthd daemon. I  the case of the cyrus user however i think this
> is stored in the sasldb and used strictly for administering the cyrus
> imapd service and more specifically for creating mailboxes
>
> # /etc/saslauthd.conf
> ldap_servers: ldap://ox-domain.tld:389/
> ldap_bind_dn: cn=Manager,dc=ox-domain,dc=tld
> ldap_bind_pw: ldapsecretpassword
> ldap_search_base: dc=ox-domain,dc=tld
>
> # /etc/conf.d/saslauthd
> #SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
>
> SASLAUTH_MECH=ldap
> SASLAUTHD_OPTS="-a ${SASLAUTH_MECH}"
>
>
>>
>>
>>>
>>> # Using the cyrus account i initially used the command line below to
>>> create an initial account.
>>> cyradm -u cyrus mydomain.com
>>> mydomain>cm myself
>>>
>>
>> With your config below, I think you may wynt to create a mailbox with
>> cm user.myself
> Once the authentication completes this is how i would proceed to
> making a new mailbox
>>
>>
>>> mydomain>exit
>>>
>>> # Today i attempted to create another mailbox and got the following
>>> error.
>>> myself at sand ~ $ cyradm -user cyrus mydomain.com
>>>
>>
>> I'm quite sure you have changed your config now.
>
>>
>>
>>> IMAP Password:
>>>                Login failed: authentication failure at /usr/lib/
>>> perl5/
>>> site_perl/5.8.6/i686-linux/Cyrus/IMAP/Admin.pm line 118
>>> cyradm: cannot authenticate to server with  as cyrus
>>>
>>> # The /var/log/messages file just reiterates the failure to
>>> authenticate so really doesn't tell me anything i didn't know
>>>
>>
>> And what does it tell you?
>
> Here is a chunk of logging relating to the login failure, it doesn't
> seem very helpful to me but maybe you'll get something more from it.
>
> Aug  8 07:09:48 sand imap[14154]: badlogin: sand.mydomain.com
> [192.168.0.3] plaintext cyrus SASL(-13): authentication failure:
> checkpass failed
> Aug  8 07:10:32 sand imap[14154]: badlogin: sand.mydomain.com
> [192.168.0.3] plaintext cyrus SASL(-13): authentication failure:
> checkpass failed
> Aug  8 07:11:30 sand imap[14154]: badlogin: sand.mydomain.com
> [192.168.0.3] plaintext cyrus SASL(-13): authentication failure:
> checkpass failed
> Aug  8 07:13:20 sand imap[14195]: badlogin: sand.mydomain.com
> [192.168.0.3] plaintext cyrus SASL(-13): authentication failure:
> checkpass failed
> Aug  8 07:16:50 sand imap[14203]: badlogin: localhost [127.0.0.1]
> plaintext cyrus SASL(-13): authentication failure: checkpass failed
> Aug  8 07:21:01 sand ctl_cyrusdb[14221]: checkpointing cyrus databases
>
>>
>> In fact I don't think anybody can help you with this kind of
>> information.
>
> I am not very familiar with Cyrus and am not sure what would be
> helpful here but would be happy to provide almost anything you
> suggest? i have only one other working user and i have considered
> dumping the /etc/sasl2/sasldb2 file which is i believe where the
> cyrus user's authentication info is located. Do you think this would
> let me recreate the cyrus account in  the sasldb?

I have never used sasldb but I think you can remove sasldb(2) because all
your authentication is handled via saslauthd->LDAP.

Simon

>>
>> Simon
>>
>>
>>>
>>> # I have reset/recreated the cyrus account and password with the
>>> saslpasswd2 command but i continue to get the error above though i
>>> know i am using the correct password i just can't authenticate to the
>>> server mydomain.com
>>>
>>> Can anyone give me some pointers as to what might need to be done in
>>> order for me to be able to login to mydomain.com using the cyrus
>>> account?
>>>
>>> Here is my /etc/imapd.conf
>>>
>>> # Use this if sieve-scripts could be in ~user/.sieve.
>>> #sieveusehomedir:       yes
>>>
>>> # Use saslauthd if you want to use pam for imap.
>>> # But be warned: login with DIGEST-MD5 or CRAM-MD5
>>> # is not possible using pam.
>>> sasl_pwcheck_method:    saslauthd
>>> lmtp_downcase_rcpt:     yes
>>>
>>> ####################################################
>>> ## This is a recommended authentication method if you
>>> ## emerge cyrus-sasl with 'postgres' or 'mysql'
>>> ## To use with mysql database uncomment those lines below.
>>>
>>> #sasl_pwcheck_method: auxprop
>>> #sasl_auxprop_plugin: sql
>>>
>>> ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql',
>>> 'sqlite'.
>>> #sasl_sql_engine: mysql
>>>
>>> ## all possible values.
>>> sasl_mech_list: PLAIN
>>> ## or limit to CRAM-MD5 only
>>> #sasl_mech_list: CRAM-MD5
>>>
>>> ## change below to suit your setup.
>>> sasl_sql_user: mailsqluser
>>> sasl_sql_passwd: password
>>> sasl_sql_database: mailsqldb
>>> sasl_sql_hostnames: localhost
>>> sasl_sql_select: SELECT clear FROM users WHERE email = '%u@%r'
>>>
>>> Thanks in Advance for any help!
>>>
>>> Michael W. Partyka
>>> Jumpnode Systems, LLC
>>> Systems Administrator
>>> 612.605.5056 Desk
>>>
>>>
>>
>>
>
> Mike Partyka
> Jumpnode Systems, LLC
> Systems Administrator
> (612)605-5056 Desk
> (612)605-5099 Fax
>
>
>


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list