SASLAUTH and cyrus

Maria McKinley maria at shadlen.org
Fri Jul 22 15:49:42 EDT 2011


I am having a weirdness in my cyrus installation. I am getting messages 
in the logs:

Jul 22 08:41:59 ella cyrus/imaps[29387]: Fatal error: tls_start_servertls() failed

Weirdly, this does not seem to actually affect performance, so maybe I 
shouldn't even be worrying about this. But, I did try to do some 
troubleshooting. I used imtest and found this:

ella:~# imtest -m plain -u cyrus -a cyrus -s localhost
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK ella Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+lenny4 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN 
AUTH=LOGIN SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAa2FwcGE=
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 256
^C^CC: Q01 LOGOUT
Connection closed.

This appears to be a username/password problem, rather than an 
installation problem, since things work fine for postmaster:

ella:~# imtest -m plain -u postmaster -a postmaster -s localhost
 
                   SASLPASSWD2(8)

verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK ella Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+lenny4 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN 
AUTH=LOGIN SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN cG9zdG1hc3RlcgBwb3N0bWFzdGVyAGthcHBh
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
^CC: Q01 LOGOUT
Connection closed.

So I did a check of users, and thought I had figured out the problem. 
cyrus was tied to an old hostname:

ella:~# sasldblistusers2
postmaster at ella: userPassword
cyrus at montoya: userPassword

But, when I created cyrus at ella, and deleted cyrus at montoya using 
saslpasswd2, this did not solve the problem. Both are listed in 
imapd.conf as admins. Any ideas about what could be going on? I have a 
memory that I am not using the imaps port, but instead using a secure 
connection over the imap port, but the error message still bugs me, and 
I would like to get to the bottom of it. I'm afraid that with that last 
sentence it becomes obvious I haven't looked at this in a while, and 
have probably forgotten some key points about cyrus configuration. Some 
hints about where to go hunting would be most appreciated.

thanks,
maria
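
Added example, not part of the original post: the argument imtest prints after `AUTHENTICATE PLAIN` is only base64 of the RFC 4616 message `authzid NUL authcid NUL passwd`, so a transcript shared for troubleshooting discloses the password. The Python sketch below redacts such lines before a transcript is posted; the sample transcript, user name and password are constructed, and `parse_plain` and `redact_transcript` are hypothetical helper names.

```python
import base64
import binascii
import re

# Client line as imtest prints it for a SASL PLAIN initial response.
AUTH_PLAIN = re.compile(r"^(C: \S+ AUTHENTICATE PLAIN )(\S+)\s*$")

def parse_plain(b64):
    """Decode an RFC 4616 PLAIN message: authzid NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)

def redact_transcript(text):
    """Return (redacted_text, [(authzid, authcid), ...]) for a transcript."""
    out, identities = [], []
    for line in text.splitlines():
        m = AUTH_PLAIN.match(line)
        if m:
            fields = parse_plain(m.group(2))
            if fields:
                authzid, authcid, _passwd = fields  # password is dropped
                identities.append((authzid, authcid))
                line = (f"{m.group(1)}<redacted PLAIN "
                        f"authzid={authzid!r} authcid={authcid!r}>")
            else:
                # Not a well-formed PLAIN message: hide the token anyway.
                line = m.group(1) + "<redacted>"
        out.append(line)
    return "\n".join(out), identities

# Constructed sample: user "alice", password "example-pw" (not from the post).
TOKEN = base64.b64encode(b"alice\x00alice\x00example-pw").decode()
SAMPLE = "\n".join([
    "C: C01 CAPABILITY",
    "S: C01 OK Completed",
    f"C: A01 AUTHENTICATE PLAIN {TOKEN}",
    "S: A01 NO authentication failure",
])

if __name__ == "__main__":
    redacted, who = redact_transcript(SAMPLE)
    print(redacted)
    print("identities seen:", who)
```

The decoded authzid and authcid stay visible in the redacted line because they are what matters when comparing against `sasldblistusers2` output; only the password field is discarded.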

