sync_server and PLAIN mech...

Derek Chen-Becker dbecker at cpicorp.com
Fri Apr 2 00:50:58 EDT 2010


On 04/01/2010 10:02 PM, Dan White wrote:
> On 01/04/10 18:43 -0500, Derek Chen-Becker wrote:
>> I've been googling and reading the mailing lists all afternoon and I
>> just can't figure this out. I've even tried trussing (Solaris)
>> sync_server and saslauthd. When I run synctest against my 2.3.16 server
>> it comes back with an auth error:
>>
>> badlogin: mail.cpicorp.com [192.168.25.10] PLAIN [SASL(-4): no mechanism
>> available: Couldn't find mech PLAIN]
>>
>> Of course, if I use imtest to hit imapd on the same machine it logs in
>> fine with the PLAIN mech. I found a similar post on google, but I
>> couldn't find any resolution to the issue. One question would be whether
>> sync_server actually honors the /etc/imapd.conf sasl settings. In my
>> case, it's just:
>>
>> allowanonymouslogin: no
>> allowplaintext: yes
>> sasl_pwcheck_method: saslauthd
> 
> Use synctest (or telnet <host> csync) to visually verify that the PLAIN
> mechanism is being offered by the server:
> 
> dwhite at zek:~$ synctest localhost
> S: * SASL SRP DIGEST-MD5 PASSDSS-3DES-1 GSSAPI OTP NTLM CRAM-MD5 LOGIN
> PLAIN
> S: * OK zek Cyrus sync server v2.3.16
> 
> And verify that the host you're running sync_client on has the PLAIN mech
> installed with pluginviewer.

This looks bad:

bash-3.00# /usr/local/sbin/pluginviewer
No server side SASL mechanisms installed
Segmentation Fault (core dumped)

bash-3.00# /usr/cyrus/bin/synctest localhost
S: * STARTTLS
S: * OK mail.cpicorp.com Cyrus sync server v2.3.16
Authentication failed. generic failure
Security strength factor: 0
^CC: EXIT
Connection closed.

If I run imtest against the machine I'm seeing different output from
another Solaris 10 box that's running 2.3.15:

bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN snmail
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS
COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.16 server ready
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.
-bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN ssmail
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=LOGIN
AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.15
server ready
Please enter your password:

The 2.3.16 box seems to be missing the AUTH=LOGIN, AUTH=PLAIN and
SASL-IR capabilities, but I've copied the configs verbatim from the
2.3.15 box. The only thing I can think of is that I've somehow missed
copying a config file somewhere. Worst case, maybe I'll try to build
2.3.15 on the box to make sure that that works properly before testing
out 2.3.16.


I feel like I must be missing something really simple here. All of the
plugins appear to be in place on the machine in question:

bash-3.00$ ls /usr/local/lib/sasl2/
libanonymous.la         libdigestmd5.so.2       libplain.la
libanonymous.so         libdigestmd5.so.2.0.22  libplain.so
libanonymous.so.2       libgssapiv2.la          libplain.so.2
libanonymous.so.2.0.22  libgssapiv2.so          libplain.so.2.0.22
libcrammd5.la           libgssapiv2.so.2        libsasldb.la
libcrammd5.so           libgssapiv2.so.2.0.22   libsasldb.so
libcrammd5.so.2         liblogin.la             libsasldb.so.2
libcrammd5.so.2.0.22    liblogin.so             libsasldb.so.2.0.22
libdigestmd5.la         liblogin.so.2           smtpd.conf
libdigestmd5.so         liblogin.so.2.0.22


Thanks,

Derek

-- 
----------------------------------------------------------------------
Derek Chen-Becker
Senior Network Engineer, Security Architect
CPI Corp, Inc.
1706 Washington Ave
St. Louis, MO 63103
Phone: 314-231-7711 x6455
Fax:   314-613-6724
dbecker at cpicorp.com
PGP Key available from public key servers
Fingerprint: E4C4 26C0 8588 E80A C29F  636D 1FBE 0FE3 2871 4AE8
----------------------------------------------------------------------


More information about the Info-cyrus mailing list