troubles with cyradm

Craig White craigwhite at azapple.com
Sat Oct 11 01:45:46 EDT 2008 

On Sat, 2008-10-11 at 01:29 -0400, brian ally wrote:
> Fedora 8
> # rpm -qa | grep cyrus
> cyrus-sasl-lib-2.1.22-8.fc8
> cyrus-sasl-plain-2.1.22-8.fc8
> cyrus-imapd-utils-2.3.11-1.fc8
> cyrus-sasl-devel-2.1.22-8.fc8
> cyrus-sasl-2.1.22-8.fc8
> cyrus-sasl-md5-2.1.22-8.fc8
> cyrus-imapd-perl-2.3.11-1.fc8
> cyrus-imapd-2.3.11-1.fc8
> 
> # cat /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb2
> sasldb_path: /etc/sasldb2
> sasl_mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> 
> # cat /usr/lib/sasl2/smtpd.conf 
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5
> 
> I'm going around in circles here trying to figure out how to
> authenticate with cyradm. I'd like to use sasldb and so have created
> an entry there for the cyrus user. And I've disabled saslauthd.
> Whatever I've tried so far has failed. And, frankly, I'm very confused
> about how this is supposed to work. For instance, some info I've found
> online tells me to create an entry in /etc/paswd for the cyrus user,
> while other sources don't mention that.
> 
> So, for the following, PASS1 is what i have in /etc/passwd and PASS2
> was given to saslpasswd2 -c cyrus
> 
> -- snip --
> # cyradm --user=cyrus --server=localhost --auth=plain
> verify error:num=18:self signed certificate
> Password: PASS1
> IMAP Password: PASS2
>               Login failed: authentication failure
> at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119
> cyradm: cannot authenticate to server with plain as cyrus
> -- snip --
> 
> /var/log/messages says:
> perl: No worthy mechs found
> 
> From what I understand google is telling me, the "verify error" line
> can be ignored for now. If not, stop me now.
> 
> I try LOGIN:
> 
> -- snip --
> # cyradm --user=cyrus --server=localhost --auth=login
> verify error:num=18:self signed certificate
> IMAP Password: PASS2
>               Login failed: authentication failure
> at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119
> cyradm: cannot authenticate to server with login as cyrus
> -- snip --
> 
> This time, there's no entry in /var/log/messages
> 
> I came across this while searching and thought I'd give it a try:
> 
> cyradm --user=cyrus --tls localhost
> cyradm>
> 
> This time, no password prompt (contrary to the example I saw) and I
> appear to be in. However, if I try any commands it complains that
> there's no connection:
> 
> cyradm> cm user.USER at MYDOMAIN
> createmailbox: no connection to server
> 
> Long story short: how the heck should I be connecting to cyradm if I'm
> using sasldb2? What's this, "No worthy mechs " about? Is there yet
> another config file to adjust?
> 
> Sorry for the long post. I've scrolled through so many things online
> but most of the examples are just a little bit different from my setup
> (eg. LDAP, MySQL, etc.) and so wanted to try to spell it out as
> clearly as possible.
> 
> Of course, if I've left out any crucial information ...
----
start slowly...

/etc/imapd.conf

sasl_mech_list: PLAIN

and are you sure you want to use sasldb? If so, you would have to add
each user/password (including cyrus) to that db.

also, what's in /etc/sysconfig/saslauthd and is saslauthd service
running?

Craig

More information about the Info-cyrus mailing list