authentication problem

Guillaume Nadot gnadot at cirb.irisnet.be
Mon Sep 10 09:05:59 EDT 2007


On Friday 07 September 2007 19:21:19 Andrew Morgan wrote:
> On Fri, 7 Sep 2007, Guillaume Nadot wrote:
> > Dear list,
> >
> > The problem is that I cannot use the email address of the user to perform
> > their logins.
> >
> > Let me explain :
> >
> > I have successfully set up cyrus with virtual domains,
> > I use sasl with pam for the authentication,
> > pam uses ldap and uses the email address of the user as pam_login_attribute
> > ( pam_login_attribute mail in /etc/ldap.conf ).
> >
> > When I run the command testsaslauthd -u bill@truc.com -p password, it
> > returns 0: OK "Success."
> >
> > When I want to perform a login on cyrus, it fails; here is the log :
> > Sep  7 15:50:40 imaptest pop3[5130]: badlogin: [192.168.34.208] plaintext
> > bill@truc.com SASL(-13): authentication failure: checkpass failed.
> >
> > If I try to log on cyrus using bill@truc.com@truc.com, I can see this in
> > the logs :
> > Sep  7 15:52:30 imaptestfrontend1 pop3[5135]: login: [192.168.34.208]
> > bill@truc.com@truc.com plaintext User logged in
> > Sep  7 15:52:33 imaptestfrontend1 pop3[5135]: Unable to locate maildrop
> > truc.com!: Invalid mailbox name
> >
> > The problem seems to be that when the user tries to authenticate, cyrus
> > splits the login in two parts : the username and the domain, and tries to
> > authenticate the user only with the local part of the mail address.
> >
> > Is there any way to tell cyrus not to split the login when passing the
> > username to sasl ?
> >
> > I'm using cyrus-imapd 2.3.7. on a RedHat 5 EL.
> >
> > Here is my imapd.conf :
> >
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN
> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> >
> > virtdomains: userid
>
> Try starting saslauthd with the "-r" argument.
>
>  	Andy

Thanks, it works now.

As testsaslauthd was working, I didn't think saslauthd was the problem.

-- 
Guillaume Nadot
System Engineer
CIRB - CIBG
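
Added example (not part of the original messages, and not Cyrus or saslauthd code): a simplified Python model of why testsaslauthd succeeded while the POP3 login failed, and what starting saslauthd with -r changes. The directory contents, the function names and the split at the last '@' are assumptions chosen to match the log lines in the thread.

```python
# Simplified model of the lookup chain discussed in the thread.
# DIRECTORY is constructed sample data: pam_ldap matches the full mail
# attribute, as with "pam_login_attribute mail" in /etc/ldap.conf.
DIRECTORY = {"bill@truc.com": "password"}


def split_login(login):
    """Split a login at its last '@' into (user, realm).

    Assumption: this mirrors what happens on the mail server side before
    saslauthd is asked; it is consistent with the thread's log lines.
    """
    user, sep, realm = login.rpartition("@")
    return (user, realm) if sep else (login, "")


def name_for_pam(user, realm, combine_realm):
    """Name saslauthd hands to PAM; combine_realm models the -r flag."""
    if combine_realm and realm:
        return user + "@" + realm
    return user


def saslauthd_check(user, realm, password, combine_realm):
    """True when the name PAM receives exists with that password."""
    return DIRECTORY.get(name_for_pam(user, realm, combine_realm)) == password


def server_login(login, password, combine_realm):
    """Login as the mail server submits it: user and realm sent separately."""
    user, realm = split_login(login)
    return saslauthd_check(user, realm, password, combine_realm)


def run_testsaslauthd(user, password, realm="", combine_realm=False):
    """Models testsaslauthd -u USER -p PASSWORD [-r REALM]; -u is not split."""
    return saslauthd_check(user, realm, password, combine_realm)


if __name__ == "__main__":
    # The test from the thread passes because the whole address is the user.
    print(run_testsaslauthd("bill@truc.com", "password"))
    # A test shaped like the server's request fails without -r on the daemon.
    print(run_testsaslauthd("bill", "password", realm="truc.com"))
    print(server_login("bill@truc.com", "password", False))
    print(server_login("bill@truc.com@truc.com", "password", False))
    print(server_login("bill@truc.com", "password", True))
```

In this model, a test that reflects what the mail server sends is testsaslauthd -u bill -r truc.com -p password, which fails until saslauthd runs with -r.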

