cyrus password no longer authenticates to server

Mike Partyka Mike.Partyka at jumpnode.com
Mon Aug 8 09:13:25 EDT 2005


On Aug 8, 2005, at 12:14 AM, Simon Matter wrote:

>> I had a working cyrus-imapd installation and had successfully added
>> an account in the following way.
>>
>> # First set password for cyrus account
>> saslpasswd cyrus
>>
>
> With your config below, I don't thing you are using sasldb. So why  
> set a
> password in sasldb/sasldb2?
The mail server i am using is a project called open-xchange and i  
believe sasl is being used as a medium to communicate with ldap, here  
are two files that make this communication possible through the  
saslauthd daemon. I  the case of the cyrus user however i think this  
is stored in the sasldb and used strictly for administering the cyrus  
imapd service and more specifically for creating mailboxes

# /etc/saslauthd.conf
ldap_servers: ldap://ox-domain.tld:389/
ldap_bind_dn: cn=Manager,dc=ox-domain,dc=tld
ldap_bind_pw: ldapsecretpassword
ldap_search_base: dc=ox-domain,dc=tld

# /etc/conf.d/saslauthd
#SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"

SASLAUTH_MECH=ldap
SASLAUTHD_OPTS="-a ${SASLAUTH_MECH}"


>
>
>>
>> # Using the cyrus account i initially used the command line below to
>> create an initial account.
>> cyradm -u cyrus mydomain.com
>> mydomain>cm myself
>>
>
> With your config below, I think you may wynt to create a mailbox with
> cm user.myself
Once the authentication completes this is how i would proceed to  
making a new mailbox
>
>
>> mydomain>exit
>>
>> # Today i attempted to create another mailbox and got the following
>> error.
>> myself at sand ~ $ cyradm -user cyrus mydomain.com
>>
>
> I'm quite sure you have changed your config now.

>
>
>> IMAP Password:
>>                Login failed: authentication failure at /usr/lib/ 
>> perl5/
>> site_perl/5.8.6/i686-linux/Cyrus/IMAP/Admin.pm line 118
>> cyradm: cannot authenticate to server with  as cyrus
>>
>> # The /var/log/messages file just reiterates the failure to
>> authenticate so really doesn't tell me anything i didn't know
>>
>
> And what does it tell you?

Here is a chunk of logging relating to the login failure, it doesn't  
seem very helpful to me but maybe you'll get something more from it.

Aug  8 07:09:48 sand imap[14154]: badlogin: sand.mydomain.com  
[192.168.0.3] plaintext cyrus SASL(-13): authentication failure:  
checkpass failed
Aug  8 07:10:32 sand imap[14154]: badlogin: sand.mydomain.com  
[192.168.0.3] plaintext cyrus SASL(-13): authentication failure:  
checkpass failed
Aug  8 07:11:30 sand imap[14154]: badlogin: sand.mydomain.com  
[192.168.0.3] plaintext cyrus SASL(-13): authentication failure:  
checkpass failed
Aug  8 07:13:20 sand imap[14195]: badlogin: sand.mydomain.com  
[192.168.0.3] plaintext cyrus SASL(-13): authentication failure:  
checkpass failed
Aug  8 07:16:50 sand imap[14203]: badlogin: localhost [127.0.0.1]  
plaintext cyrus SASL(-13): authentication failure: checkpass failed
Aug  8 07:21:01 sand ctl_cyrusdb[14221]: checkpointing cyrus databases

>
> In fact I don't think anybody can help you with this kind of  
> information.

I am not very familiar with Cyrus and am not sure what would be  
helpful here but would be happy to provide almost anything you  
suggest? i have only one other working user and i have considered  
dumping the /etc/sasl2/sasldb2 file which is i believe where the  
cyrus user's authentication info is located. Do you think this would  
let me recreate the cyrus account in  the sasldb?
>
> Simon
>
>
>>
>> # I have reset/recreated the cyrus account and password with the
>> saslpasswd2 command but i continue to get the error above though i
>> know i am using the correct password i just can't authenticate to the
>> server mydomain.com
>>
>> Can anyone give me some pointers as to what might need to be done in
>> order for me to be able to login to mydomain.com using the cyrus
>> account?
>>
>> Here is my /etc/imapd.conf
>>
>> # Use this if sieve-scripts could be in ~user/.sieve.
>> #sieveusehomedir:       yes
>>
>> # Use saslauthd if you want to use pam for imap.
>> # But be warned: login with DIGEST-MD5 or CRAM-MD5
>> # is not possible using pam.
>> sasl_pwcheck_method:    saslauthd
>> lmtp_downcase_rcpt:     yes
>>
>> ####################################################
>> ## This is a recommended authentication method if you
>> ## emerge cyrus-sasl with 'postgres' or 'mysql'
>> ## To use with mysql database uncomment those lines below.
>>
>> #sasl_pwcheck_method: auxprop
>> #sasl_auxprop_plugin: sql
>>
>> ## possible values for sasl_auxprop_plugin 'mysql', 'pgsql',  
>> 'sqlite'.
>> #sasl_sql_engine: mysql
>>
>> ## all possible values.
>> sasl_mech_list: PLAIN
>> ## or limit to CRAM-MD5 only
>> #sasl_mech_list: CRAM-MD5
>>
>> ## change below to suit your setup.
>> sasl_sql_user: mailsqluser
>> sasl_sql_passwd: password
>> sasl_sql_database: mailsqldb
>> sasl_sql_hostnames: localhost
>> sasl_sql_select: SELECT clear FROM users WHERE email = '%u@%r'
>>
>> Thanks in Advance for any help!
>>
>> Michael W. Partyka
>> Jumpnode Systems, LLC
>> Systems Administrator
>> 612.605.5056 Desk
>>
>>
>
>

Mike Partyka
Jumpnode Systems, LLC
Systems Administrator
(612)605-5056 Desk
(612)605-5099 Fax


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20050808/b8e6fd73/attachment.html


More information about the Info-cyrus mailing list