cyradm problem. sasl?

jocke khazad khazad1 at
Thu Jul 27 08:57:40 EDT 2006

Hello everyone!

Iam trying to setup a mailserver with postfix, cyrus-imap, cyrus-sasl,
mysql, pam_mysql on Redhat Enterprise 4.

Everything seems to work ok accept when I use cyradm to login on my imap

root> cyradm --user cyrus --server localhost --auth plain
root>password: <---- this is where my maillog spits out an error message
( imap[2302]: badlogin: localhost [] PLAIN [SASL(-16): encryption
needed to use mechanism: security flags do not match required] )

root>IMAP password: <--- this checks against mysql and seems to work fine..
I get into my imap server after this.

here is a paste of my maillog after I tried this.

Jul 26 09:28:50 mail56 imap[2302]: accepted connection
Jul 26 09:28:51 mail56 imap[2302]: badlogin: localhost [] PLAIN
[SASL(-16): encryption needed to use mechanism: security flags do not match
Jul 26 09:28:55 mail56 imap[2302]: login: localhost [] cyrus
plaintext User logged in

Ive been on this, googling, reading asking.. for a cpl of weeks now and it
starts to get on my nervs.
Can anyone give me a hint on what to do here?

A couple of notes:

1. postfix works fine, it also authenticates fine, I can send and resieve
2. imap works, I can login to my imap server from outlook express, and view
my mails.
3. I tryed to auth against sasldb with testsasl, and imtest. It works
without any problems.
4. I prolly read every post out ther about this problem and noone gives a
clear answer why this problem exists =)

If someone want to explain to me why the first authentication is ther for I
would also be glad =)

cyradm --user cyrus --server localhost --auth plain
>password     <----- why this one? what is it supposed to contact? Ive read
that its contacting sasldb2, but when I run saslauthd in debugmode I see
>IMAP password <----- this one makes sence, it checks my mysql tables and
this also works and lets me into my imap server, even tho the first pw auth

Here is my a few of my confs


postmaster: postmaster
configdirectory: /var/lib/imap/
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: mail56
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt



# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a
# of which mechanism your installation was compiled to use.

# Additional flags to pass to saslauthd on the command line.  See
# for the list of accepted flags.



# standard standalone server implementation

  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1

  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400


Thank you all for reading and trying to help me with this!

/ Jocke
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list