help pls? imtest OK for localhost, fails for same box @ IP ....
where to start looking?
OpenMacNews
OpenMacNews at speakeasy.net
Fri Oct 7 13:17:41 EDT 2005
hi Georg
>>>>login with username at servername.domain.com
>
> this is the part I was talking about. If you have virtdomains: yes,
> imapd adds a realm to all usernames without realm, so on my server the
> real username used with sasl is username at servername.domain.com, which I
> have in my user database, so I can log in.
i've been googling the lists abt realms.
let's just say their use/implementation is *not* very clear to me :-/
AND, apparently, quite a few others have issues/questions as well ...
>>
>>ok. mine is:
>>
>>imtest -t "" -p imap -m plain -a my.admin -u testuser at testdomain.com 127.0.0.1
>>login: localhost [127.0.0.1] testuser PLAIN+TLS
>
>
> I think your imapd will try to use a username like this:
> my.admin at servername.testdomain.com to log in. hmm, have you set
> defaultdomain?
yes.
ok. fwiw,
imapd.conf:
...
virtdomains: on
defaultdomain: testdomain.com
servername: mail.openexec.com
...
and,
sasldblistusers2 -f USERS/sasldb2
my.admin at mail.testdomain.com: userPassword
testuser at testdomain.com: userPassword
you are correct, imtest is logging in using the "-a" auth credential, i.e.
my.admin at mail.testdomain.com.
just to test, trying:
imtest -t "" -p imap -m plain -a my.admin -u ABCD at testdomain.com 127.0.0.1
also 'works',
>>login: localhost [127.0.0.1] ABCD PLAIN+TLS
even though "ABCD at testdomain.com" neither exists in sasldb2, nor has had a mailbox created.
AND,
imtest -t "" -p imap -m plain -a XXXX.admin -u testuser at testdomain.com 127.0.0.1
fails login,
DMCYRUS/imaplocal[18263]: Password verification failed
DMCYRUS/imaplocal[18263]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-13): user not found:
Password verification failed]
this *is* how i understand the operation ... you can 'log in' as any user, as long as the auth
credential (-a ...) is valid. when it's NOT valid, no login.
so, when i login "from localhost on the localhost interface", all seems OK.
> Here the strange thing is that the servername part is cut off, so I
> cannot login like this. Same like you.
>
> What I don't understand is how imapd constructs the realm. I asked
> on this list four days ago (cyrus sasl realm problem), but I still don't
> understand it really :(
>
> that's what I received from Brad Crotchett:
> ...
ok.
when i login "from localhost on the EXTERNAL interface"
imtest -t "" -p imap -m plain -a my.admin -u testuser at testdomain.com mail.testdomain.com
i get a login FAILure:
DMCYRUS/imap[18339]: Password verification failed
DMCYRUS/imap[18339]: badlogin: sv2.testdomain.com [10.0.0.5] PLAIN [SASL(-13): user not found:
Password verification failed]
AND, when i login "from external on the external interface",
imtest -t "" -p imap -m plain -a my.admin -u testuser at testdomain.com mail.testdomain.com
i *still* get a failed login:
DMCYRUS/imap[18337]: Password verification failed
DMCYRUS/imap[18337]: badlogin: pb1.testdomain.com [10.0.0.7] PLAIN [SASL(-13): user not found:
Password verification failed]
so, my current 'bottom line' is:
imtest:
from localhost [127.0.0.1] on the localhost [127.0.0.1] interface --> OK
from localhost [127.0.0.1] on the external [10.0.0.5] interface --> FAIL
from external [10.0.0.7] on the external [10.0.0.5] interface --> FAIL
> On my system I can login from localhost on the localhost interface, and
> from external on the external interface. I can live with that, although
> I would like to understand what's happening.
unfortunately i can NOT live with that :-{
argh.
richard
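Added example, not part of the original message and not Cyrus code: the layout of the SASL PLAIN message (RFC 4616) that carries the two identities set by imtest's -a (authentication id, whose password is verified) and -u (authorization id, the identity assumed afterwards). The function names, the password and the @-form addresses are constructed for illustration; realm handling by imapd (virtdomains, defaultdomain) is not modelled.

```python
import base64


class PlainError(ValueError):
    """Raised when a PLAIN message violates the RFC 4616 layout."""


def encode_plain(authcid, password, authzid=""):
    """Client side: base64 of [authzid] NUL authcid NUL passwd."""
    for name, value in (("authzid", authzid), ("authcid", authcid),
                        ("password", password)):
        if "\x00" in value:
            raise PlainError(f"{name} must not contain NUL")
    if not authcid or not password:
        raise PlainError("authcid and password must be non-empty")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(b64_message):
    """Server side: split the message and report which identity is which."""
    try:
        text = base64.b64decode(b64_message, validate=True).decode("utf-8")
    except ValueError as exc:  # covers bad base64 and bad UTF-8
        raise PlainError("not valid base64/UTF-8") from exc
    parts = text.split("\x00")
    if len(parts) != 3:
        raise PlainError(f"expected 3 NUL-separated fields, got {len(parts)}")
    authzid, authcid, password = parts
    if not authcid or not password:
        raise PlainError("authcid and password must be non-empty")
    return {
        "password_checked_for": authcid,   # the only identity that is verified
        "acts_as": authzid or authcid,     # empty authzid: derived from authcid
        "proxy_request": bool(authzid) and authzid != authcid,
    }


if __name__ == "__main__":
    # Constructed samples modelled on the three localhost imtest runs above.
    for authcid, authzid in (("my.admin", "testuser@testdomain.com"),
                             ("my.admin", "ABCD@testdomain.com"),
                             ("XXXX.admin", "testuser@testdomain.com")):
        msg = encode_plain(authcid, "constructed-password", authzid)
        print(msg, decode_plain(msg))
```

A request with `proxy_request` true succeeds only if the server also authorizes the authenticated identity to act as the requested one, which is a separate decision from the password check.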