Problem with SASL authentication after server move
Sandy Drobic
cyrus-info at japantest.homelinux.com
Mon Jun 19 15:19:28 EDT 2006
Shawn O'Connor wrote:
> All,
>
> I've been having a heck of a time after moving our cyrus imap server.
> For some reason, what had been working perfect is now no longer working.
>
> Is there something for which I should be looking in perhaps hostnames,
> DNS, IP addresses, or authentication realms that would affect
> authenticate after a server IP change?
>
> I'm experiencing the following problem on FreeBSD 6.0, with cyrus-sasl
> and saslauthd 2.1.21_1, and cyrus-imap-2.2.13_1:
>
> mail# testsaslauthd -u cyrus -p XXXXX
> saslauthd[18185] :get_accept_lock : acquired accept lock
> saslauthd[18184] :rel_accept_lock : released accept lock
> saslauthd[18184] :do_auth : auth failure: [user=cyrus]
> [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
> 0: NO "authentication failed"
> All the usernames and passwords are in sasldb2.
>
> Could it be that the realm is not set? If so, how do I set it?
The realm is usually the servername. So, if you changed the servername the
user won't match any more.
What does "sasldblistusers2" say about the realm? Try testsaslauthd with
the explicit realm as a parameter.
testsaslauthd -u cyrus -p xxxxx -s imap -r yourrealm
> Also I get this troublesome bit when I try to use cyradm:
>
> mail# cyradm --user=cyrus localhost
> Password:
> cyradm: cannot authenticate to server with as cyrus
> Segmentation fault (core dumped)
Can you log in as user cyrus?
Sandy
More information about the Info-cyrus
mailing list