Cyrus-IMAP, saslauthd, Problems with DIGEST/CRAM-MD5

Eric Renfro erenfro at gmail.com
Mon Feb 20 23:08:04 EST 2006 

Hello. I'm having a problem with Cyrus-IMAPD 2.2.12 with Cyrus-SASL 2.1.19's 
saslauthd.

When I login using the LOGIN method, I see saslauthd doing it's lookup, and 
OpenLDAP logs show it as well, and it's all successfull. However, when trying 
to do a PLAIN, DIGEST-MD5, or CRAM-MD5 auth to the IMAP server, it fails. 
cyrus/imapd shows up in the logs, but saslauthd does not.

Feb 20 19:22:27 ragnarok cyrus/imap[8274]: DIGEST-MD5 server step 1
Feb 20 19:22:33 ragnarok cyrus/imap[8274]: DIGEST-MD5 server step 2
Feb 20 19:22:33 ragnarok cyrus/imap[8274]: no secret in database
Feb 20 19:22:37 ragnarok cyrus/imap[8274]: DIGEST-MD5 server step 1
Feb 20 19:22:37 ragnarok cyrus/imap[8274]: DIGEST-MD5 server step 2
Feb 20 19:22:37 ragnarok cyrus/imap[8274]: no secret in database

That's the logs of my attempt to login using DIGEST-MD5, from the authlog.

Feb 20 19:22:27 ragnarok cyrus/imap[8274]: accepted connection
Feb 20 19:22:33 ragnarok cyrus/imap[8274]: badlogin: midgard.furreville.net 
[192.168.1.10] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Feb 20 19:22:37 ragnarok cyrus/imap[8274]: accepted connection
Feb 20 19:22:37 ragnarok cyrus/imap[8274]: badlogin: midgard.furreville.net 
[192.168.1.10] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

And that's from the mail log.

A successfull LOGIN auth:

Feb 20 19:24:20 ragnarok saslauthd[8281]: DIGEST-MD5 client step 2
Feb 20 19:24:20 ragnarok saslauthd[8281]: DIGEST-MD5 client step 2
Feb 20 19:24:20 ragnarok saslauthd[8281]: DIGEST-MD5 client step 3

And from maillog:

Feb 20 19:24:20 ragnarok cyrus/imap[8274]: accepted connection
Feb 20 19:24:20 ragnarok cyrus/imap[8274]: login: midgard.furreville.net 
[192.168.1.10] psi-jack plaintext User logged in

What could be wrong here?

saslauthd is configured to use ldap, and only that. And it is successfully 
using a sasl fastbind to openldap for login auths. But LDAP is never even 
touched with any other methods. 

This is on Ubuntu Dapper 6.04's edition of Cyrus-IMAPD.

-- 
Eric Renfro
===
Conscience doth make cowards of us all.
		-- Shakespeare
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20060220/c9e4c7b7/attachment.bin

More information about the Info-cyrus mailing list