SASL and default domain

Andrew Morgan morgan at orst.edu
Mon Aug 20 09:43:34 EDT 2012 

On Sun, 19 Aug 2012, brian wrote:

> I'm having some trouble configuring SASL for a new server. Specifically,
> it seems, with realms. I'm now at the point where imtest works with the
> virtual domains but not with the default domain.
>
> I'm using sasldb through auxprop. In the past I've always done:
>
> saslpasswd2 -c username at DOMAIN.TLD
>
> But in order to get SASL working with Postfix this time I had to specify
> the realm with -u and use a bare account name:
>
> saslpasswd2 -c -u DEFAULT.TLD username
> saslpasswd2 -c -u VDOMAIN1.TLD username
> etc
>
> After days of struggle, I've got Postfix responding well when testing
> via telnet. The base64 hash was created with:
>
> perl -MMIME::Base64 -e 'print
> encode_base64("\000user\@DOMAIN.TLD\000password");'
>
> I mention all that because it seems as if realms are the issue. Or it
> was before and I suppose that's been resolved. Now it's just the default
> domain that's giving me problems. It's been days and days now and I'm so
> close that I'm reluctant to fiddle any more because I know that the
> chances are good that I'll make things worse (as I've probably
> repeatedly done already). I'd appreciate it if someone could suggest
> something to save the rest of my hair.
>
> FWIW, this server has no DNS records pointing to it yet. My goal is to
> get Postfix & Cyrus working to the point where I can use imapsync, then
> deal with DNS. This is what I've done in the past.
>
> (And imapsync is working now with the virtual domains.)
>
>
> $ hostname -f
> poseidon.DEFAULT.TLD
>
> $ imtest -v -m plain -a user at DEFAULT.TLD localhost
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN
> AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] poseidon Cyrus IMAP
> v2.4.12-Debian-2.4.12-2 server ready
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN xxxxxxxxxxxxxxxxxxxxxxxx
> S: A01 NO authentication failure
> Authentication failed. generic failure
> Security strength factor: 0

Does it work if you use:

   imtest -v -m plain -a user -r DEFAULT.TLD localhost


 	Andy

More information about the Info-cyrus mailing list