Move old sasldb2 to new

Kevin Kruzich kkruzich at linkshare.com
Thu Aug 10 16:09:59 EDT 2006


Greetings,

I have an old sasldb2 authentication database that looks so:

#/usr/sbin/sasldblistusers2
[...]
fmimon at mbox: cmusaslsecretPLAIN
estrof at mbox: userPassword
[...]

Many lines like this, a mix of cmusaslsecretPLAIN and userPassword

Here's what 'file' says about it:
/etc/sasldb2: GNU dbm 1.x or ndbm database, little endian

Here's what I see with 'imtest'

imtest -a kkruzich -u kkruzich localhost
S: * OK mbox Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:



ON ANOTHER SYSTEM I REBUILT cyrus-imapd-2.2.12 and cyrus-sasl-2.1.22 
with the following:

sasl:
./configure --enable-plain --disable-cram --disable-digest 
--disable-gssapi --enable-login --disable-otp --with-dblib=gdbm

imapd:
./configure --with-cyrus-prefix=/usr/local/cyrus

THEN I MOVED THAT /etc/sasldb2 MENTIONED ABOVE to this new machine 
(we'll call it newmbox) and here's what I see with imtest:

/usr/local/bin/imtest -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + 
bm9uY2U9IjNldGlVRHdYV1g1bjUxOFUwTWh5TDAvRUsvWE56VHhnVUxQK29YMHROanM9IixyZWFsbT0iemVlayIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:


OR EVEN:

/usr/local/bin/imtest -mPLAIN -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN a2tydXppY2gAa2tydXppY2gAYXNkZg==
S: A01 NO encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0

The logs say:

Aug 10 15:56:55 newmbox imap[4684]: badlogin: localhost.localdomain 
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Aug 10 15:57:07 newmbox imap[4684]: accepted connection
Aug 10 15:57:10 newmbox imap[4684]: badlogin: localhost.localdomain 
[127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: 
security flags do not match required]




I'm still pretty sure this sasldb2 I'm trying to use is plaintext --but 
the question is how do I conform to it? I've tried so many combinations 
of configure switches with sasl. I wish I could get rid of this old sasldb2 
--and I may have to --but it contains 580 accounts and passwords that I 
don't want to have the user community reset.

Any comments would be greatly appreciated.

Thank you,
--kkruzich
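
The following is an added example, not part of the original message: it decodes the DIGEST-MD5 challenge from the newmbox imtest transcript and sets the realm the server offers beside the realm and property names in the sasldblistusers2 lines. The function names are illustrative, and accepting " at " in place of "@" assumes the list archive's address obfuscation.

```python
import base64
import re

# DIGEST-MD5 challenge copied from the imtest transcript in the post.
CHALLENGE_B64 = (
    "bm9uY2U9IjNldGlVRHdYV1g1bjUxOFUwTWh5TDAvRUsvWE56VHhnVUxQK29YMHROanM9"
    "IixyZWFsbT0iemVlayIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVy"
    "PSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11"
    "dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M="
)
# sasldblistusers2 lines copied from the post (the archive prints "@" as " at ").
LISTING = """\
fmimon at mbox: cmusaslsecretPLAIN
estrof at mbox: userPassword
"""

PAIR = re.compile(r'([A-Za-z][\w-]*)=(?:"([^"]*)"|([^,]*))')
ENTRY = re.compile(r"^(\S+?)(?:@| at )(\S+): (\S+)$")


def parse_challenge(b64):
    """Decode a DIGEST-MD5 challenge into a dict of directives."""
    text = base64.b64decode(b64, validate=True).decode("utf-8")
    return {k.lower(): (q if q else u) for k, q, u in PAIR.findall(text)}


def parse_listing(text):
    """Return (user, realm, property) tuples; unparsable lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def compare(b64, listing):
    """Report the realm the server offers against the realms stored in sasldb."""
    offered = parse_challenge(b64).get("realm")
    entries = parse_listing(listing)
    stored = sorted({realm for _, realm, _ in entries})
    return {
        "offered_realm": offered,
        "stored_realms": stored,
        "realm_match": offered in stored,
        "properties": {u: p for u, _, p in entries},
    }


if __name__ == "__main__":
    for key, value in compare(CHALLENGE_B64, LISTING).items():
        print(f"{key}: {value}")
```

For the values in the post it reports an offered realm of zeek against a stored realm of mbox.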






More information about the Info-cyrus mailing list