Move old sasldb2 to new
Kevin Kruzich
kkruzich at linkshare.com
Thu Aug 10 16:09:59 EDT 2006
Greetings,
I have an old sasldb2 authentication database that looks like this:
#/usr/sbin/sasldblistusers2
[...]
fmimon@mbox: cmusaslsecretPLAIN
estrof@mbox: userPassword
[...]
Many lines like this, a mix of cmusaslsecretPLAIN and userPassword.
Here's what 'file' says about it:
/etc/sasldb2: GNU dbm 1.x or ndbm database, little endian
Here's what I see with 'imtest':
imtest -a kkruzich -u kkruzich localhost
S: * OK mbox Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
ON ANOTHER SYSTEM I REBUILT cyrus-imapd-2.2.12 and cyrus-sasl-2.1.22
with the following:
sasl:
./configure --enable-plain --disable-cram --disable-digest \
  --disable-gssapi --enable-login --disable-otp --with-dblib=gdbm
imapd:
./configure --with-cyrus-prefix=/usr/local/cyrus
THEN I MOVED THAT /etc/sasldb2 MENTIONED ABOVE to this new machine
(we'll call it newmbox) and here's what I see with imtest:
/usr/local/bin/imtest -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: +
bm9uY2U9IjNldGlVRHdYV1g1bjUxOFUwTWh5TDAvRUsvWE56VHhnVUxQK29YMHROanM9IixyZWFsbT0iemVlayIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
OR EVEN:
/usr/local/bin/imtest -mPLAIN -a kkruzich -u kkruzich localhost
S: * OK newmbox Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN a2tydXppY2gAa2tydXppY2gAYXNkZg==
S: A01 NO encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0
The logs say:
Aug 10 15:56:55 newmbox imap[4684]: badlogin: localhost.localdomain
[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Aug 10 15:57:07 newmbox imap[4684]: accepted connection
Aug 10 15:57:10 newmbox imap[4684]: badlogin: localhost.localdomain
[127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism:
security flags do not match required]
I'm still pretty sure this sasldb2 I'm trying to use is plaintext -- but
the question is how do I conform to it? I've tried so many combinations
of configure switches with sasl. I wish I could get rid of this old sasldb2
-- and I may have to -- but it contains 580 accounts and passwords that I
don't want to have the user community reset.
Any comments would be greatly appreciated.
Thank you,
--kkruzich
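
Added example, not part of the original post: a Python sketch that decodes the two SASL payloads from the imtest transcripts above (the DIGEST-MD5 challenge and the PLAIN initial response) so the realm the new server advertises can be checked against the realm shown by sasldblistusers2. The base64 strings and user entries are copied from the post; the function names are hypothetical, and the realm comparison assumes sasldb secrets are looked up per realm.

```python
import base64
import re

# Payloads copied verbatim from the imtest transcripts in the post.
DIGEST_CHALLENGE_B64 = (
    "bm9uY2U9IjNldGlVRHdYV1g1bjUxOFUwTWh5TDAvRUsvWE56VHhnVUxQK29YMHROanM9"
    "IixyZWFsbT0iemVlayIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVy"
    "PSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11"
    "dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M="
)
PLAIN_RESPONSE_B64 = "a2tydXppY2gAa2tydXppY2gAYXNkZg=="
# Entries as printed by sasldblistusers2 on the old host (user@realm).
SASLDB_USERS = ["fmimon@mbox", "estrof@mbox"]


def parse_digest_challenge(b64):
    """Decode a DIGEST-MD5 challenge into a dict of its directives."""
    text = base64.b64decode(b64).decode("utf-8")
    # Values are either quoted (may contain commas) or bare tokens.
    pairs = re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', text)
    return {key: quoted or bare for key, quoted, bare in pairs}


def parse_plain_response(b64):
    """Split a SASL PLAIN message: authzid NUL authcid NUL password."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\x00")
    return authzid.decode(), authcid.decode(), password.decode()


def users_outside_realm(users, realm):
    """Return the sasldb entries whose realm differs from `realm`."""
    return [u for u in users if u.rpartition("@")[2] != realm]


if __name__ == "__main__":
    challenge = parse_digest_challenge(DIGEST_CHALLENGE_B64)
    print("server realm:", challenge["realm"])
    print("qop offered:", challenge["qop"])
    print("entries under another realm:",
          users_outside_realm(SASLDB_USERS, challenge["realm"]))
    authzid, authcid, password = parse_plain_response(PLAIN_RESPONSE_B64)
    # PLAIN is only base64-encoded: the password is readable on the wire,
    # which is why the server can demand an encrypted channel for it.
    print("PLAIN authcid:", authcid, "password length:", len(password))
```

The decoded challenge carries its own realm directive, so the comparison shows whether the copied entries sit under the realm the new server is asking for.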