Sieve authentication failure

Paul-Erik Törrönen paul-erik.torronen at cardinal.fi
Mon Dec 5 09:20:52 EST 2005


Hello,

We have a problem similar to the one described by Andrew Morgan, i.e. sieve
(both sieveshell and sivtest) does not accept the given password. The
difference is that we use the Cyrus-Imapd (2.2.12-6.fc4) provided by
FC4. We use LDAP, and saslauthd is configured to validate the login
against it.

# testsaslauthd -u poltsi -p <password>
0: OK "Success."

Likewise using imtest (as user) works:

$ imtest 
WARNING: no hostname supplied, assuming localhost

S: * OK <mailserver> Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-6.fc4 server
ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password: 
C: L01 LOGIN poltsi {11}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.

But sivtest fails:

$ sivtest -a poltsi localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex"
S: "STARTTLS"
S: OK
Please enter your password: 
C: AUTHENTICATE "PLAIN" {28+}
<base64-encoded SASL PLAIN credentials, omitted>
S: NO "Authentication Error"

As does sieveshell:

$ sieveshell -u poltsi -a poltsi localhost
connecting to localhost
Please enter your password: 
unable to connect to server at /usr/bin/sieveshell line 169, <STDIN>
line 1.

There is nothing helpful in /var/log/maillog:

Dec  5 13:53:24 mail sieve[14763]: executed
Dec  5 13:53:24 mail sieve[14763]: accepted connection
Dec  5 13:53:27 mail master[13998]: process 14763 exited, status 0

The /usr/lib/sasl2/libplain.so exists (provided by
cyrus-sasl-plain-2.1.20-5), and following a related discussion on the SuSE
mailing list¹ I checked that the required Perl modules are also
installed.

Of course, users are able to log on to cyrus-imapd normally to read and
manage their messages through IMAPS.

¹ http://lists.suse.com/archive/suse-linux-e/2005-Sep/1313.html

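Running a trace on the sieveshell command shows only a very brief
interaction with timsieved (the final write is the AUTHENTICATE command,
whose base64-encoded PLAIN credentials the tracer truncates):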

(Reading the Enter keypress after the password is typed)
14858 read(0, "\n", 4096)               = 1
14858 write(1, "\n", 1)                 = 1
14858 pipe([5, 6])                      = 0
14858 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|
CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f03be8) = 14863
14858 close(6 <unfinished ...>
14863 close(5 <unfinished ...>
14858 <... close resumed> )             = 0
14863 <... close resumed> )             = 0
14858 rt_sigaction(SIGINT, {SIG_IGN},  <unfinished ...>
14863 fcntl64(6, F_SETFD, FD_CLOEXEC <unfinished ...>
14858 <... rt_sigaction resumed> {SIG_DFL}, 8) = 0
14863 <... fcntl64 resumed> )           = 0
14858 rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
14858 waitpid(14863,  <unfinished ...>
14863 rt_sigaction(SIGFPE, {SIG_DFL}, {SIG_IGN}, 8) = 0
14863 execve("/usr/kerberos/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve("/usr/local/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve("/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = 0
14863 brk(0)                            = 0x8e35000
14863 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
14863 open("/etc/ld.so.cache", O_RDONLY) = 3
14863 fstat64(3, {st_mode=S_IFREG|0644, st_size=22331, ...}) = 0
14863 old_mmap(NULL, 22331, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f18000
14863 close(3)                          = 0
14863 open("/lib/libc.so.6", O_RDONLY)  = 3
14863 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
\212N(\000"..., 512) = 512
14863 fstat64(3, {st_mode=S_IFREG|0755, st_size=1485672, ...}) = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f17000
14863 old_mmap(0x270000, 1215452, PROT_READ|PROT_EXEC, MAP_PRIVATE|
MAP_DENYWRITE, 3, 0) = 0x270000
14863 old_mmap(0x393000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x393000
14863 old_mmap(0x397000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x397000
14863 close(3)                          = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f16000
14863 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f166c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
14863 mprotect(0x393000, 8192, PROT_READ) = 0
14863 mprotect(0x26c000, 4096, PROT_READ) = 0
14863 munmap(0xb7f18000, 22331)         = 0
14863 brk(0)                            = 0x8e35000
14863 brk(0x8e56000)                    = 0x8e56000
14863 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
14863 fstat64(3, {st_mode=S_IFREG|0644, st_size=49610160, ...}) = 0
14863 mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d16000
14863 close(3)                          = 0
14863 open("/usr/share/locale/locale.alias", O_RDONLY) = 3
14863 fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
14863 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7d15000
14863 read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
14863 read(3, "", 4096)                 = 0
14863 close(3)                          = 0
14863 munmap(0xb7d15000, 4096)          = 0
14863 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
14863 open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
14863 open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
14863 open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
14863 open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
14863 open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
14863 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon
-echo ...}) = 0
14863 ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon
echo ...}) = 0
14863 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon
echo ...}) = 0
14863 exit_group(0)                     = ?
14858 <... waitpid resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0)
= 14863
14858 --- SIGCHLD (Child exited) @ 0 (0) ---
14858 rt_sigaction(SIGINT, {SIG_DFL}, NULL, 8) = 0
14858 rt_sigaction(SIGQUIT, {SIG_DFL}, NULL, 8) = 0
14858 read(5, "", 4)                    = 0
14858 close(5)                          = 0
14858 write(4, "AUTHENTICATE \"PLAIN\" {36+}\r\ncG9s"..., 66) = 66
14858 read(4, "NO \"Authentication Error\"\r\n", 4096) = 27

Does timsieved need some additional configuration because of our
authentication system? We have another installation where the SASL
authentication mechanism is shadow, and that one works beautifully.

With regards,

Poltsi

-- 
Paul-Erik Törrönen, 
Cardinal Information Systems Ltd.
Pursimiehenkatu 29-31 C
00150 Helsinki, Finland
Mobile: +358 (0)40 703 1231
Phone: +358 (0)424 792 204
Fax: +358 (0)424 792 207
http://www.cardinal.fi/



