Problem with SASL authentication after server move

Shawn O'Connor soconnor at falconknight.com
Mon Jun 19 14:34:22 EDT 2006


All,

I've been having a heck of a time after moving our cyrus imap server.  
For some reason, what had been working perfect is now no longer working.

Is there something for which I should be looking in perhaps hostnames, 
DNS, IP addresses, or authentication realms that would affect 
authenticate after a server IP change?

I'm experiencing the following problem on FreeBSD 6.0, with cyrus-sasl 
and saslauthd 2.1.21_1, and cyrus-imap-2.2.13_1:

mail# testsaslauthd -u cyrus -p XXXXX
saslauthd[18185] :get_accept_lock : acquired accept lock
saslauthd[18184] :rel_accept_lock : released accept lock
saslauthd[18184] :do_auth         : auth failure: [user=cyrus] 
[service=imap] [realm=] [mech=pam] [reason=PAM auth error]
0: NO "authentication failed" 

All the usernames and passwords are in sasldb2.

Could it be that the realm is not set? If so, how do I set it?

Also I get this troublesome bit when I try to use cyradm:

mail# cyradm --user=cyrus localhost
Password:
cyradm: cannot authenticate to server with  as cyrus
Segmentation fault (core dumped)

When users are attempting to get mail, I see this in the logs:

Jun 20 02:31:13 mail master[18210]: about to exec /usr/local/cyrus/bin/imapd
Jun 20 02:31:13 mail imap[18210]: executed
Jun 20 02:31:13 mail imap[18210]: accepted connection
Jun 20 02:31:13 mail imap[18210]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Jun 20 02:31:13 mail perl: GSSAPI Error:  Miscellaneous failure (see 
text) (unable to find realm of host localhost)
Jun 20 02:31:13 mail imap[18210]: DIGEST-MD5 server step 1
Jun 20 02:31:13 mail perl: DIGEST-MD5 client step 2
Jun 20 02:31:14 mail imap[18210]: DIGEST-MD5 server step 2
Jun 20 02:31:14 mail imap[18210]: no user in db
Jun 20 02:31:14 mail imap[18210]: no user in db
Jun 20 02:31:14 mail imap[18210]: no secret in database
Jun 20 02:31:14 mail imap[18210]: badlogin: somedomain.biz 
[XXX.XXX.XXX.XXX] DIGEST-MD5 [SASL(-13): user not found: no secret in 
database]
Jun 20 02:31:17 mail perl: NTLM client step 1
Jun 20 02:31:17 mail imap[18210]: NTLM server step 1
Jun 20 02:31:17 mail imap[18210]: client flags: 207
Jun 20 02:31:17 mail perl: NTLM client step 2
Jun 20 02:31:17 mail perl: No worthy mechs found 

Thank you for any help you might have with this issue!

Kind regards,

    -Shawn


More information about the Info-cyrus mailing list