cyradm problem. sasl?

Patrick Radtke phr2101 at columbia.edu
Thu Jul 27 15:21:33 EDT 2006


What happens if you do --auth LOGIN
instead of PLAIN?

PLAIN requires STARTTLS. The version of Cyrus you are using probably
doesn't support STARTTLS with cyradm.

-Patrick
On Jul 27, 2006, at 8:57 AM, jocke khazad wrote:

> Hello everyone!
>
> I am trying to set up a mail server with postfix, cyrus-imap,
> cyrus-sasl, mysql, pam_mysql on Red Hat Enterprise 4.
>
> Everything seems to work OK except when I use cyradm to log in on my
> imap server.
>
> root> cyradm --user cyrus --server localhost --auth plain
> root>password: <---- this is where my maillog spits out an error  
> message
> ( imap[2302]: badlogin: localhost [127.0.0.1 ] PLAIN [SASL(-16):  
> encryption needed to use mechanism: security flags do not match  
> required] )
>
> root>IMAP password: <--- this checks against mysql and seems to  
> work fine.. I get into my imap server after this.
>
> here is a paste of my maillog after I tried this.
>
> Jul 26 09:28:50 mail56 imap[2302]: accepted connection
> Jul 26 09:28:51 mail56 imap[2302]: badlogin: localhost [127.0.0.1]  
> PLAIN [SASL(-16): encryption needed to use mechanism: security  
> flags do not match required]
> Jul 26 09:28:55 mail56 imap[2302]: login: localhost [127.0.0.1]  
> cyrus plaintext User logged in
>
>
> I've been on this, googling, reading, asking.. for a couple of weeks now
> and it starts to get on my nerves.
> Can anyone give me a hint on what to do here?
>
> A couple of notes:
>
> 1. postfix works fine, it also authenticates fine, I can send and
> receive mail
> 2. imap works, I can log in to my imap server from Outlook Express,
> and view my mails.
> 3. I tried to auth against sasldb with testsasl, and imtest. It
> works without any problems.
> 4. I probably read every post out there about this problem and no one
> gives a clear answer why this problem exists =)
>
> If someone wants to explain to me why the first authentication is
> there for I would also be glad =)
>
> cyradm --user cyrus --server localhost --auth plain
> >password     <----- why this one? what is it supposed to contact?
> I've read that it's contacting sasldb2, but when I run saslauthd in
> debug mode I see nothing
> >IMAP password <----- this one makes sense, it checks my mysql
> tables and this also works and lets me into my imap server, even
> though the first pw auth fails.
>
> Here are a few of my confs
>
> /etc/imapd.conf:
>
> postmaster: postmaster
> configdirectory: /var/lib/imap/
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> sasl_mech_list: PLAIN
> servername: mail56
> autocreatequota: 10000
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sievedir: /usr/sieve
> sendmail: /usr/sbin/sendmail
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> #unixhierarchysep: yes
> tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
>
> --------------------------------------------------------
>
> /etc/sysconfig/saslauthd
>
> # Directory in which to place saslauthd's listening socket, pid file, and so
> # on.  This directory must already exist.
> SOCKETDIR=/var/run/saslauthd
>
> # Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
> # of which mechanism your installation was compiled to use.
> MECH=pam
>
> # Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
> # for the list of accepted flags.
> FLAGS=
>
> --------------------------------------------------------
>
> /etc/cyrus.conf
>
> # standard standalone server implementation
>
> START {
>   # do not delete this entry!
>   recover       cmd="ctl_cyrusdb -r"
>
>   # this is only necessary if using idled for IMAP IDLE
> #  idled                cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   imap          cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   pop3          cmd="pop3d" listen="pop3" prefork=3
>   pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve         cmd="timsieved" listen="sieve" prefork=0
>
>   # these are only necessary if receiving/exporting usenet via NNTP
> #  nntp         cmd="nntpd" listen="nntp" prefork=3
> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>
>   # at least one LMTP is required for delivery
> #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>
>   # this is only necessary if using notifications
> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune      cmd="cyr_expire -E 3" at=0400
>
>   # this is only necessary if caching TLS sessions
>   tlsprune      cmd="tls_prune" at=0400
> }
>
> --------------------------------------------------------
>
> Thank you all for reading and trying to help me with this!
>
> / Jocke
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
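
The maillog quoted above shows PLAIN refused with SASL(-16) and, four seconds later, a successful `plaintext` login on the same imapd process. As an added example (not part of the original thread and not Cyrus code), this Python script correlates the two events per process and reports logins that sent a cleartext password without TLS; the function name `audit`, the fourth log line and the `+TLS` suffix convention are assumptions.

```python
import ipaddress
import re

# Lines 1-3 are the maillog excerpt from the post, unwrapped.
# Line 4 is constructed for contrast (host, IP and user are made up).
SAMPLE_LOG = """\
Jul 26 09:28:50 mail56 imap[2302]: accepted connection
Jul 26 09:28:51 mail56 imap[2302]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
Jul 26 09:28:55 mail56 imap[2302]: login: localhost [127.0.0.1] cyrus plaintext User logged in
Jul 26 09:31:02 mail56 imap[2310]: login: client.example [192.0.2.10] alice plaintext+TLS User logged in
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+)\[(\d+)\]: (.*)$")
BADLOGIN = re.compile(r"^badlogin: \S+ \[([^\]]+)\] (\S+) \[SASL\((-?\d+)\)")
LOGIN = re.compile(r"^login: \S+ \[([^\]]+)\] (\S+) (\S+) User logged in")
CLEARTEXT = {"plaintext", "plain", "login"}  # password crosses the wire as-is


def audit(log_text):
    """Flag successful logins that sent a cleartext password without TLS."""
    refused = {}    # (host, service, pid) -> mechanism rejected with SASL(-16)
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        ts, host, svc, pid, msg = line.groups()
        key = (host, svc, pid)
        bad = BADLOGIN.match(msg)
        if bad and bad.group(3) == "-16":
            refused[key] = bad.group(2)
            continue
        ok = LOGIN.match(msg)
        if not ok:
            continue
        ip, user, mech = ok.groups()
        # Assumption: Cyrus appends "+TLS" to the mechanism on encrypted sessions,
        # so a bare cleartext mechanism name means no TLS layer was active.
        if mech.lower() in CLEARTEXT:
            findings.append({
                "time": ts, "user": user, "ip": ip.strip(),
                "loopback": ipaddress.ip_address(ip.strip()).is_loopback,
                "fell_back_from": refused.get(key),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The `loopback` field separates a local admin session like the one in the post from a cleartext login arriving over the network, which is the case worth alerting on.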


