authentication problem

Guillaume Nadot gnadot at cirb.irisnet.be
Fri Sep 7 09:56:11 EDT 2007


Dear list,

The problem is that I cannot use the email address of the user to perform 
their logins.

Let me explain :

I have successfully set up cyrus with virtual domains,
I use sasl with pam for the authentication,
pam uses ldap and uses the email address of the user as pam_login_attribute (
pam_login_attribute mail in /etc/ldap.conf ).

When I run the command testsaslauthd -u bill at truc.com -p password, it returns 
0: OK "Success."

When I want to perform a login on cyrus, it fails; here is the log :
Sep  7 15:50:40 imaptest pop3[5130]: badlogin: [192.168.34.208] plaintext 
bill at truc.com SASL(-13): authentication failure: checkpass failed.

If I try to log on cyrus using bill at truc.com@truc.com, I can see this in the 
logs :
Sep  7 15:52:30 imaptestfrontend1 pop3[5135]: login: [192.168.34.208] 
bill at truc.com@truc.com plaintext User logged in
Sep  7 15:52:33 imaptestfrontend1 pop3[5135]: Unable to locate maildrop 
truc.com!: Invalid mailbox name

The problem seems to be that when the user tries to authenticate, cyrus splits
the login in two parts : the username and the domain, and tries to
authenticate the user only with the local part of the mail address.

Is there any way to tell cyrus not to split the login when passing the
username to sasl ?

I'm using cyrus-imapd 2.3.7. on a RedHat 5 EL.

Here is my imapd.conf :

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

virtdomains: userid


Thanks,                                           


-- 
Guillaume Nadot	
System engineer
CIRB - CIBG

