sieve authentication

Mike Husmann husmann at morningside.edu
Fri Sep 15 09:13:04 EDT 2006


>
> Hmm, I don't see a reason, why sieve-logins from a Remote-Machine can fail.
>
> Except for the Remote-Machine(s) itself. You have the Server configured to
> offer "PLAIN" to the Clients. Check if the Clients have the Cyrus-SASL
> Mechanism PLAIN (libplain.*) installed.
>
> If PLAIN is installed, the next step would be to use a network-sniffer and
> look for the Dialog between Server and Client.

This is where things get weird..

If I do a sivtest from a remote machine, here is the result:
---
sivtest -a bebo -u bebo imap.morningside.edu
S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational
comparator-i;ascii-numeric regex"
S: "STARTTLS"
S: OK
Authentication failed. no mechanism available
Security strength factor: 0
C: LOGOUT
Connection closed.
---

On the local machine, this works fine, and prompts for a password.  But from what
I'm seeing here, it's dropping the connection because it doesn't think there are any
auth mechs available...?

sieveshell has a similar result:
---
\>sieveshell -a bebo -u bebo imap.morningside.edu
connecting to imap.morningside.edu
unable to connect to server at /usr/bin/sieveshell line 169.
---
  This is different from the others that include a line about <STDIN> (password). 
Once again, the server drops the connection before it has a chance to
authenticate.

My /etc/pam.d/sieve looks like:
#%PAM-1.0
auth       required     pam_nologin.so
auth       sufficient   pam_ldap.so
auth       required     pam_pwdb.so shadow nodelay
account    required     pam_pwdb.so
session    required     pam_pwdb.so

And the strangest part of this whole deal is that it has worked flawlessly, as it is
set up now, since April.

Mike




More information about the Info-cyrus mailing list