Authentication problem
Simon Matter
simon.matter at invoca.ch
Mon Jun 9 05:45:57 EDT 2008
> --- Simon Matter <simon.matter at invoca.ch> wrote:
>
> - snip -
>
>> > Please advise where shall I check and how to fix the problem. TIA
>>
>> You should post your configs (/etc/cyrus.conf and /etc/imapd.conf)
>> which
>> will make it easier for someone to help you.
>
>
> Hi Simon,
>
>
> cyrus.conf and imapd.conf are as follows. Those lines, commented out,
> have been deleted to shorten the length of this posting.
OK, since you are using saslauthd you should also post the saslauthd and
related configs (PAM or whatever mech you are using).
Simon
>
>
> $ cat /etc/cyrus.conf
> # Debian defaults for Cyrus IMAP server/cluster implementation
> # see cyrus.conf(5) for more information
> #
> # All the tcp services are tcpd-wrapped. see hosts_access(5)
> # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $
>
> START {
> # do not delete this entry!
> recover cmd="/usr/sbin/ctl_cyrusdb -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # this is NOT to be enabled right now in Debian builds
> #idled cmd="idled"
>
> # this is useful on backend nodes of a Murder cluster
> # it causes the backend to syncronize its mailbox list with
> # the mupdate master upon startup
> #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m"
>
> # this is recommended if using duplicate delivery suppression
> delprune cmd="/usr/sbin/ctl_deliver -E 3"
> # this is recommended if caching TLS sessions
> tlsprune cmd="/usr/sbin/tls_prune"
> }
>
> # UNIX sockets start with a slash and are absolute paths
> # you can use a maxchild=# to limit the maximum number of forks of a
> service
> # you can use babysit=true and maxforkrate=# to keep tight tabs on the
> service
> # most services also accept -U (limit number of reuses) and -T
> (timeout)
> SERVICES {
> # --- Normal cyrus spool, or Murder backends ---
> # add or remove based on preferences
> imap cmd="imapd -U 30" listen="imap" prefork=0
> maxchild=100
> imaps cmd="imapd -s -U 30" listen="imaps" prefork=0
> maxchild=100
> #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0
> maxchild=50
> #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0
> maxchild=50
>
>
> #nntp cmd="nntpd -U 30" listen="nntp" prefork=0
> maxchild=100
> #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0
> maxchild=100
>
> # At least one form of LMTP is required for delivery
> # (you must keep the Unix socket name in sync with imap.conf)
> #lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0
> maxchild=20
> lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp"
> prefork=0 maxchild=20
> # ----------------------------------------------
>
> # useful if you need to give users remote access to sieve
> # by default, we limit this to localhost in Debian
> sieve cmd="timsieved" listen="localhost:sieve"
> prefork=0 maxchild=100
>
> # this one is needed for the notification services
> notify cmd="notifyd"
> listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
>
> # --- Murder frontends -------------------------
>
> - snip -
>
>
> # ----------------------------------------------
> }
>
> EVENTS {
> # this is required
> checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
>
> # this is only necessary if using duplicate delivery
> suppression
>
>
> delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401
>
> # this is only necessary if caching TLS sessions
> tlsprune cmd="/usr/sbin/tls_prune" at=0401
> }
>
> admins: cyrus
> unixhierarchysep: 1
> * end *
>
>
>
> $ cat /etc/imapd.conf
> # Debian Cyrus imapd.conf
> # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $
> # See imapd.conf(5) for more information and more options
>
> # Configuration directory
> configdirectory: /var/lib/cyrus
>
> # Which partition to use for default mailboxes
> defaultpartition: default
> partition-default: /var/spool/cyrus/mail
>
> # News setup
> partition-news: /var/spool/cyrus/news
> newsspool: /var/spool/news
>
> # Alternate namespace
> # If enabled, activate the alternate namespace as documented in
> # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
> # subfolders are in the same level as the INBOX
> # See also userprefix and sharedprefix on imapd.conf(5)
> altnamespace: no
>
> # UNIX Hierarchy Convention
> # Set to yes, and cyrus will accept dots in names, and use the forward
> # slash "/" to delimit levels of the hierarchy. This is done by
> converting
> # internally all dots to "^", and all "/" to dots. So the
> "rabbit.holes"
> # mailbox of user "helmer.fudd" is stored in
> "user.elmer^fud.rabbit^holes"
> unixhierarchysep: yes
>
>
> - snip -
>
>
> # Uncomment the following and add the space-separated users who
> # have admin rights for all services.
> admins: cyrus
>
>
> - sni -
>
>
> # No anonymous logins
> #allowanonymouslogin: no
> allowanonymouslogin: yes
>
> # Minimum time between POP mail fetches in minutes
> popminpoll: 1
>
> # If nonzero, normal users may create their own IMAP accounts by
> creating
> # the mailbox INBOX. The user's quota is set to the value if it is
> positive,
> # otherwise the user has unlimited quota.
> autocreatequota: 0
>
> # umask used by Cyrus programs
> umask: 077
>
> - snip -
>
> # If enabled, cyrdeliver will look for Sieve scripts in user's home
> # directories: ~user/.sieve.
> sieveusehomedir: false
>
> # If sieveusehomedir is false, this directory is searched for Sieve
> scripts.
> sievedir: /var/spool/sieve
>
>
> - snip -
>
>
> # If enabled, the partitions will also be hashed, in addition to the
> hashing
> # done on configuration directories. This is recommended if one
> partition has a
> # very bushy mailbox tree.
> hashimapspool: true
>
> # Allow plaintext logins by default (SASL PLAIN)
> allowplaintext: yes
>
> # Force PLAIN/LOGIN authentication only
> # (you need to uncomment this if you are not using an auxprop-based
> SASL
> # mechanism. saslauthd users, that means you!). And pay attention to
> # sasl_minimum_layer and allowapop below, too.
> #sasl_mech_list: PLAIN
>
>
> - snip -
>
>
> # Do note that, since sasl will be run as user cyrus, you may have a
> lot of
> # trouble to set this up right.
> #sasl_pwcheck_method: auxprop
> sasl_pwcheck_method: saslauthd
>
> # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
> # by default, all plugins are tried (which is probably NOT what you
> want).
> #sasl_auxprop_plugin: sasldb
>
> # If enabled, the SASL library will automatically create authentication
> secrets
> # when given a plaintext password. Refer to SASL documentation
> sasl_auto_transition: no
>
> #
> # SSL/TLS Options
> #
>
> - snip -
>
>
> # File containing one or more Certificate Authority (CA) certificates.
> #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
>
> # Path to directory with certificates of CAs.
> tls_ca_path: /etc/ssl/certs
>
> # The length of time (in minutes) that a TLS session will be cached for
> later
> # reuse. The maximum value is 1440 (24 hours), the default. A value
> of 0 will
> # disable session caching.
> tls_session_timeout: 1440
>
> # The list of SSL/TLS ciphers to allow, in decreasing order of
> precedence.
> # The format of the string is described in ciphers(1). The Debian
> default
> # selects TLSv1 high-security ciphers only, and removes all anonymous
> ciphers
> # from the list (because they provide no defense against
> man-in-the-middle
> # attacks). It also orders the list so that stronger ciphers come
> first.
> tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
>
>
> - snip -
>
>
> ## KEEP THESE IN SYNC WITH cyrus.conf
> ##
> # Unix domain socket that lmtpd listens on.
> lmtpsocket: /var/run/cyrus/socket/lmtp
>
> # Unix domain socket that idled listens on.
> idlesocket: /var/run/cyrus/socket/idle
>
> # Unix domain socket that the new mail notification daemon listens on.
> notifysocket: /var/run/cyrus/socket/notify
>
> # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap
> etc.)
> syslog_prefix: cyrus
>
>
> - snip -
> * end *
>
>
> B.R.
> Stephen L
>
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
More information about the Info-cyrus
mailing list