does xfer require murder?

Patrick Radtke phr2101 at columbia.edu
Thu Apr 20 17:42:17 EDT 2006


You need to use tls as well for PLAIN to work.  add -t ""  to your  
arguments


What mechanism do you want to use for connecting between backends? If  
its PLAIN then you want
force_sasl_client_mech: PLAIN

in your imapd.conf file.

Otherwise, the machines will see GSSAPI advertised and will try using  
that.

-Patrick





On Apr 20, 2006, at 5:19 PM, Perry Brown wrote:

>
>
>
>>
>>
>>
>>>
>>> Perry Brown wrote:
>>>> Thanks for the imtest idea.
>>>>
>>>> It looks like I can log in OK.
>>>>
>>>>
>>>> server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap  
>>>> server2.sub2.domain.com
>>>
>>> Force imtest to use one of the SASL mechanisms that are listed.   
>>> The backends *only* use SASL, not protocol specific login  
>>> commands (IMAP LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
>>>
>>
>> I'm sorry I got my dounce cap on today or something.
>>
>> Should I change the -m login to -m and one of the AUTH= values  
>> from the CAPABILITY output?
>> ie  -m GSSAPI? or digest-md5 etc...
>>
>> Andy Morgan wrote:
>> Maybe "-m plain"?
>
> thank you for the suggestion Andy but no luck.
>
> server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m plain -p imap
> WARNING: no hostname supplied, assuming localhost
>
> S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX- 
> REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN  
> MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES  
> ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR  
> LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> S: C01 OK Completed
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
> S: A01 NO no mechanism available
> Authentication failed. generic failure
> Security strength factor: 0
>
>
>>
>> I gave this a try with GSSAPI, and got nothing.
>>
>> digest-md5,
>>
>> server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m digest-md5
>> WARNING: no hostname supplied, assuming localhost
>>
>> S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX- 
>> REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN  
>> MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES  
>> ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL- 
>> IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
>> S: C01 OK Completed
>> C: A01 AUTHENTICATE DIGEST-MD5
>> S:
>> wkrnfjknf (etc list of characters)
>> Please enter your password: (I enter passwd for cyrus)
>> C: dXNlcm5h (another long list of characters)
>> S: A01 NO user not found
>> Authentication failed. generic failure
>> Security strength factor: 128
>>
>>
>> This is what I see in local6.log on server1.sub1
>>
>> Apr 20 11:04:32 server1 imap[17729]: accepted connection
>> Apr 20 11:04:38 server1 imap[17729]: badlogin:  
>> localhost.localdomain [127.0.0.1] DIGEST-MD5 [SASL(-13): user not  
>> found: no secret in database]
>>
>> This is in the auth.log
>> Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db / 
>> etc/sasldb2: No such file or directory
>> Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db / 
>> etc/sasldb2: No such file or directory
>> Apr 20 11:06:26 server1 imap[15971]: no secret in database
>>
>>
>>
>> cram-md5 got me pretty much the same thing.
>>
>> Is there a cyrus or sasl command I should/can run to get the auth  
>> for digest-md5 working?
>>
>>
>> Perry
>>
>>
>>
>>>
>>>> S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
>>>> C: C01 CAPABILITY
>>>> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX- 
>>>> REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT  
>>>> CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT  
>>>> THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5  
>>>> AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
>>>> S: C01 OK Completed
>>>> Please enter your password:
>>>> C: L01 LOGIN cyrus {8}
>>>> S: + go ahead
>>>> C: <omitted>
>>>> S: L01 OK User logged in
>>>> Authenticated.
>>>> Security strength factor: 0
>>>> CAPABILITY
>>
>>
>> ----
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



More information about the Info-cyrus mailing list