"imtest" and virtual domains
Michael O'Rourke
orourke.michael at gmail.com
Sun Mar 26 10:41:54 EST 2006
On 3/26/06, Gilles <gilles at harfang.homelinux.org> wrote:
> Hello.
>
> I finally got to the point where I'm testing the IMAP server.
>
> Trying
>
> $ imtest -a 'gilles at harfang.homelinux.org' -s -p 993 -m plain mail
> verify error:num=19:self signed certificate in certificate chain
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK mail.harfang.homelinux.org Cyrus IMAP4 v2.2.12-Debian-2.2.12-4 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=PLAIN SASL-IR
> S: C01 OK Completed
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN AGdpbGxlc0BoYXJmYW5nLmhvbWVsaX51eC5vcmcAazk0bmRyNGxkYXA=
> S: A01 NO authentication failure
> Authentication failed. generic failure
> Security strength factor: 256
>
> [Then Ctrl-D to logout (or "* BAD Invalid tag": What does that mean?).]
>
> And in the log file:
>
> auth.info: Mar 26 12:01:16 saslauthd[5925]: do_auth : auth failure: [user=gilles] [service=imap] [realm=harfang.homelinux.org] [mech=ldap] [reason=Unknown]
> auth.debug: Mar 26 12:01:16 saslauthd[5925]: do_request : response: NO
> auth.notice: Mar 26 12:01:16 cyrus/imaps[23395]: Password verification failed
>
> The user name has been split in two ("user" and "realm"), whereas the mailbox
> was created with "cm user.gilles at harfang.homelinux.org" as indicated in the
> doc for virtual domains.
>
> All by itself authentication succeeds:
>
> $ testsaslauthd -u 'gilles at harfang.homelinux.org' -p '<mypasswd>'
> 0: OK "Success."
>
>
> What's the correct way to pass on "virtual" user names for authentication
> (and, hopefully, access to the mailbox)?
>
>
> Thanks,
> Gilles
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
Hello Gilles,
Try starting your saslauthd with the "-r" option. This combines the
username and realm with an "@" between them. You may also need to
change the LDAP filter in saslauthd.conf; I can't remember. Read the
manpage for saslauthd to see all the options.
Mike.
More information about the Info-cyrus
mailing list