SASLAUTH and cyrus

Alexander Dalloz ad+lists at uni-x.org
Sat Jul 23 16:52:10 EDT 2011


Am 23.07.2011 08:42, schrieb Maria McKinley:

> Thanks Alexander.
> 
> auth    sufficient      pam_unix.so
> auth    sufficient      pam_ldap.so try_first_pass
> auth    required        pam_deny.so
> account sufficient      pam_unix.so
> account sufficient      pam_ldap.so
> account required        pam_deny.so
> 
> So, I checked in ldap, and the postmaster user exists, but not the cyrus 
> user. So, that seems to be why I can't authenticate as cyrus. So the 
> user cyrus does exist, but not in ldap. Not sure how important it is 
> that cyrus exists in ldap, since things seem to be working fine (I use 
> the postmaster user for logging into cyradm anway), and I don't think 
> that has anything to do with the error message I'm seeing.

Great you figured out that part.

> Jul 22 08:41:59 ella cyrus/imaps[29387]: Fatal error:
> tls_start_servertls() failed
> 
> This does not seem to affect accessing mail, but still I find it 
> worrisome when I run across it in the logfiles. It seems I must have 
> something configured incorrectly, but not sure where to go from here.

Unfortunately you did not provide details about your cyrus-imapd setup
regarding IMAP/POP3 service, as much as I can see. I mean your cyrus.conf.

Are you running IMAP/POP3 on TLS or SSL?

Can it be that clients try to access the SSL service by trying TLS? That
could explain the error loggings.

You can test that yourself, if you run IMAP/SSL or POP3/SSL.

openssl s_client -connect <yourhost>:993 -starttls imap

That should generate the same error you see in your log. Don't know how
big your environment is and how many clients connect. If it is just you,
then verify the settings of your MUA.

> ~maria

Alexander


More information about the Info-cyrus mailing list