Basic configuration

Sam Przyswa samp at arial-concept.com
Wed Jul 25 17:41:26 EDT 2007


Michael Menge a écrit :
> Hi,
>
> 1. there is no "AUTH=" in the CAPABILITY at all, so i think you have 
> not installed sasl_plain. I don't use Debian or Ubunto so i don't know 
> the packagename but Google hints to libsasl2-modules,

I already HAVE the libsasl2 last version installed !

>
> If you don't set sasl_mech_list you should be able to use the 
> mechanism "AUTH=LOGIN"

I unset sasl_mech_list (commented) but when I connect to server I got:

Jul 25 22:57:55 localhost cyrus/imap[26614]: badlogin: [10.8.0.10] 
plaintext przyswa SASL(-1): generic failure: checkpass failed

> Quoting Sam Przyswa <samp at arial-concept.com>:
>
>> Michael Menge a écrit :
>>> Hi,
>>>
>>> You may check the following points.
>>>
>>> 1.) You set sasl_mech_list: plain
>>
>> That's it !
>>
>>>
>>> The mechanism plain is an extra sasl library, you may have to install.
>>> You force the use of plain even if better mechanism would be availible,
>>> but if the sasl_plain library is not installed you have no mechanism
>>> for authendification at all. You can use imtest to debug the login
>>> procedure.
>>> The CAPABILITY string must say AUTH=PLAIN.
>>
>> The imtest give me:
>>
>> CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
>> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
>> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
>>
>> I don't see AUTH=PLAIN !
>>
>
>
> Your login problems don't depend on the securety layer,
>
>
>>> 2.) Activate imaps and test the login with
>>>
>>> imtest -a USERID localhost
>>
>>
>>> imtest -t '' -a USERID localhost
>>> imtest -s -a USERID localhost
>>>
>
> Your PAM config looks fine.
>
>>> 3.) if you use PAM,
>
>
>> Yes but always the same result, I use saslauthd 2.1.22 Ubuntu able to
>> authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow
>> ldap
>>
>
> There sasldb getpwent kerberos5 pam rimap shadow are all places where 
> the passwd is stored. But PLAIN, LOGIN, GSSAPI, CRAMMD5 are mechanisms 
> to use fore authentification. The may not be part of the installed 
> sasl package but in an extra package.
>
> In SuSE they are in
>
> cyrus-sasl-crammd5
> cyrus-sasl-gssapi
> cyrus-sasl-plain

I tested saslauthd with:

testsaslauthd -u przyswa -p xxxxxxxx
0: OK "Success."

But we use the regular sasl2, the only cyrus-sasl we found it's 
cyrus-sasl-dbg who put his file into /usr/lib/debug/usr

It seems that the problem is not from the SASL libs but from Cyrus...

After long search on this problem I found several persons that never 
succeed to make Cyrus working, I think it will be useful to package a 
basic Cyrus config able to run it in PLAIN regular password as Courier, 
Dovecot, to test it.

At this time I can't use cyradm or Webmin module because unknown admin 
password never set anywhere !?

I can't tell if Cyrus is a good or a bad imap application, just say it 
don't work (for me).

Thanks anyway.

Sam.


-- 
Ce message a été vérifié par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a été trouvé.



More information about the Info-cyrus mailing list