IMAPD "Authentication failed. generic failure"

J.J. Day day1234 at hotmail.com
Mon Mar 17 22:44:36 EDT 2008 


----------------------------------------
> CC: info-cyrus at lists.andrew.cmu.edu
> From: wes at umich.edu
> Subject: Re: IMAPD "Authentication failed. generic failure"
> Date: Mon, 17 Mar 2008 18:00:28 -0400
> To: day1234 at hotmail.com
>
> First failure:
>
> On 17 Mar 2008, at 17:18, J.J. Day wrote:
>> C: A01 AUTHENTICATE PLAIN
>> S: A01 NO no mechanism available
>
>> Mar 17 14:34:11 dc-mail imaps[5423]: badlogin: dc-mail.training.int
>> [192.168.251.3] PLAIN [SASL(-4): no mechanism available: Couldn't
>> find mech PLAIN]
>
> PLAIN authN wasn't an option.  Presumably you get this error because
> you haven't allowed plain text authN and aren't using TLS.
>
> Second failure:
>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID ACL RIGHTS=kxte QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
>> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
>> S: C01 OK Completed
>> Please enter your password:
>> C: L01 LOGIN cyrus {5}
>> S: + go ahead
>> C:
>> S: L01 NO Login failed: authentication failure
>
>> Mar 17 14:44:45 dc-mail imap[5444]: badlogin: localhost [127.0.0.1]
>> plaintext cyrus SASL(-13): user not found: checkpass failed
>
>
> This implies that you typed the password wrong, which is always
> possible :)  I'd probably examine your SASL auxprop configs, tho,
> since imap complains that it can't find your auxprop plugin.
>

Okay!!
Still not able to log in but found part of the problem. The permissions on the symlnk from /usr/lib/sasl2 -> /usr/local/lib/sasl2 were 700. Changed to 755 and now get a more reasonable capabilities list:

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] D-Y-C Mail Server Cyrus IMAP4 v2.3.11 server ready

But imapd.log now shows "user not found":

Mar 17 20:19:38 dc-mail master[6032]: about to exec /usr/local/cyrus/bin/imapd
Mar 17 20:19:39 dc-mail imap[6032]: executed
Mar 17 20:19:39 dc-mail imap[6032]: accepted connection
Mar 17 20:19:39 dc-mail imap[6032]: TLS server engine: cannot load CA data
Mar 17 20:19:39 dc-mail imap[6032]: TLS server engine: No CA file specified. Client side certs may not work
Mar 17 20:19:39 dc-mail imap[6032]: mystore: starting txn 2147483673
Mar 17 20:19:39 dc-mail imap[6032]: mystore: committing txn 2147483673
Mar 17 20:19:39 dc-mail imap[6032]: SSL_accept() succeeded -> done
Mar 17 20:19:39 dc-mail imap[6032]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Mar 17 20:19:39 dc-mail imap[6032]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-13): user not found: checkpass failed
Mar 17 20:21:34 dc-mail master[5399]: process 6032 exited, status 0

FWIW;
[root at dc-mail ~]# sasldblistusers2
cyrus at dc-mail.training.int: userPassword
root at dc-mail.training.int: userPassword
[root at dc-mail ~]#

But when I delete a listed user, I still get the auth.log message:
Mar 17 20:29:58 dc-mail saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found


> :wes
>
> ps I think servername: ought to be something in DNS, i.e., "D-Y-C
> Mail Server" is a poor choice.

Isn't this just a descriptive clause for user identification?


lib/sasl2 listing is:
=======================
[root at dc-mail ~]# ls /usr/lib/sasl2
lrwxr-xr-x  1 root  wheel  20 Mar 13 19:33 /usr/lib/sasl2@ -> /usr/local/lib/sasl2
[root at dc-mail ~]# ls /usr/lib/sasl2/
total 304
drwxr-xr-x  2 root  wheel   1024 Mar 15 22:20 ./
drwxr-xr-x  8 root  wheel   1536 Mar 15 22:43 ../
-rw-r--r--  1 root  wheel  11656 Mar 15 22:20 libanonymous.a
-rwxr-xr-x  1 root  wheel    829 Mar 15 22:20 libanonymous.la*
lrwx------  1 root  wheel     17 Mar 15 22:20 libanonymous.so@ -> libanonymous.so.2
-rwxr-xr-x  1 root  wheel  14883 Mar 15 22:20 libanonymous.so.2*
-rw-r--r--  1 root  wheel  13782 Mar 15 22:20 libcrammd5.a
-rwxr-xr-x  1 root  wheel    815 Mar 15 22:20 libcrammd5.la*
lrwx------  1 root  wheel     15 Mar 15 22:20 libcrammd5.so@ -> libcrammd5.so.2
-rwxr-xr-x  1 root  wheel  17088 Mar 15 22:20 libcrammd5.so.2*
-rw-r--r--  1 root  wheel  42180 Mar 15 22:20 libdigestmd5.a
-rwxr-xr-x  1 root  wheel    838 Mar 15 22:20 libdigestmd5.la*
lrwx------  1 root  wheel     17 Mar 15 22:20 libdigestmd5.so@ -> libdigestmd5.so.2
-rwxr-xr-x  1 root  wheel  44585 Mar 15 22:20 libdigestmd5.so.2*
-rw-r--r--  1 root  wheel  20328 Mar 15 22:20 libgssapiv2.a
-rwxr-xr-x  1 root  wheel    891 Mar 15 22:20 libgssapiv2.la*
lrwx------  1 root  wheel     16 Mar 15 22:20 libgssapiv2.so@ -> libgssapiv2.so.2
-rwxr-xr-x  1 root  wheel  24478 Mar 15 22:20 libgssapiv2.so.2*
-rw-r--r--  1 root  wheel  11858 Mar 15 22:20 liblogin.a
-rwxr-xr-x  1 root  wheel    809 Mar 15 22:20 liblogin.la*
lrwx------  1 root  wheel     13 Mar 15 22:20 liblogin.so@ -> liblogin.so.2
-rwxr-xr-x  1 root  wheel  15118 Mar 15 22:20 liblogin.so.2*
-rw-r--r--  1 root  wheel  11986 Mar 15 22:20 libplain.a
-rwxr-xr-x  1 root  wheel    809 Mar 15 22:20 libplain.la*
lrwx------  1 root  wheel     13 Mar 15 22:20 libplain.so@ -> libplain.so.2
-rwxr-xr-x  1 root  wheel  15112 Mar 15 22:20 libplain.so.2*
-rw-r--r--  1 root  wheel  18660 Mar 15 22:20 libsasldb.a
-rwxr-xr-x  1 root  wheel    851 Mar 15 22:20 libsasldb.la*
lrwx------  1 root  wheel     14 Mar 15 22:20 libsasldb.so@ -> libsasldb.so.2
-rwxr-xr-x  1 root  wheel  19613 Mar 15 22:20 libsasldb.so.2*
[root at dc-mail ~]#

_________________________________________________________________
Helping your favorite cause is as easy as instant messaging. You IM, we give.
http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join

More information about the Info-cyrus mailing list