Allow PLAIN login cyrus 2.2.12

Manel Gimeno Zaragozá magiza83 at hotmail.com
Mon Feb 13 11:22:49 EST 2012


Hello,



I've execute testsaslauthd as cyrus user a it's OK





[root log]# su - cyrus


[cyrus1 ~]$ /usr/sbin/testsaslauthd -u test-adm -p password


0: OK "Success."



On the other hand, I've done some test and I've execute imtest getting the following:



# imtest -m plain 192.168.65.130 -a cyrus

S: * OK Datadec-Online Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready

C: C01 CAPABILITY

S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
LISTEXT LIST-SUBSCRIBED X-NETSCAPE

S: C01 OK Completed

C: A01 AUTHENTICATE PLAIN

S: A01 NO encryption needed to use mechanism

Authentication failed. generic failure

Security strength factor: 0

. login test-adm password

. OK User logged in

C: Q01 LOGOUT

Connection closed.



=========log==============

Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 2

Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: accepted connection

Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 3

Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in READY state: now unavailable and in BUSY state

Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers

Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in BUSY state: now serving connection

Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers

*Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: badlogin: 
xmlfrwk.pre.datadec-online.com [192.168.65.130] PLAIN [SASL(-16): 
encryption needed to use mechanism: security flags do not match 
required]

*Feb 13 17:16:11 srv-vln-pre1 imap1[29801]: login: 
xmlfrwk.pre.datadec-online.com [192.168.65.130] test-adm plaintext User 
logged in

==========================



As you can see on the first try I get "badlogin" but when I try ". login test-adm password" I'm able to log in.



Regards.



> Date: Mon, 13 Feb 2012 09:49:45 -0600
> From: dwhite at olp.net
> To: magiza83 at hotmail.com
> CC: info-cyrus at lists.andrew.cmu.edu; awilliam at whitemice.org
> Subject: Re: Allow PLAIN login cyrus 2.2.12
> 
> On 02/13/12 16:02 +0100, Manel Gimeno Zaragozá wrote:
> >
> >Hello,
> >
> >I've tried adding "asterisk" lines but nothing changes:
> >
> >=====imapd.conf====
> >sasl_pwcheck_method: saslauthd
> >sasl_mech_list: PLAIN
> >*sasl_minimum_layer:  0
> >
> >=====saslauthd.conf=====
> >ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
> >ldap_search_base: ou=pre_test,dc=org
> >ldap_bind_dn: cn=admin
> >ldap_password: password
> >ldap_scope: sub
> >ldap_filter: (|(cn=%U@%d)(uid=%u))
> >*ldap_auth_method: plain
> >
> >I'm still not able to log in#
> >
> >#imtest -m plain 192.168.1.5 -a test-adm
> >      S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
> >      C: C01 CAPABILITY
>
 >      S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ 
MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT 
CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT       
THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> >      S: C01 OK Completed
> >      [Server did not advertise AUTH=PLAIN]
> >      Authentication failed. generic failure
> >      Security strength factor: 0
> 
> On 02/13/12 12:55 +0100, Manel Gimeno Zaragozá wrote:
> >I can connect via testsaslauthd:
> >#testsaslauthd -u test-adm -p password
> >        0: OK "Success."
> >
> 
> Check your syslog for any errors (auth facility). Verify that the user
> which imapd is running under has permissions to access the saslauthd mux.
> One way to verify that is with:
> 
> sudo -u cyrus testsaslauthd -u test-adm -p password
> 
> You may need to set:
> 
> sasl_saslauthd_path: </full/path/to/saslauthd/mux>/mux
> 
> Within imapd.conf. But your logs will provide an appropriate error if that
> option is needed.
> 
> -- 
> Dan White

Manel Gimeno Zaragoza
magiza83 at hotmail.com


> Date: Mon, 13 Feb 2012 09:49:45 -0600
> From: dwhite at olp.net
> To: magiza83 at hotmail.com
> CC: info-cyrus at lists.andrew.cmu.edu; awilliam at whitemice.org
> Subject: Re: Allow PLAIN login cyrus 2.2.12
> 
> On 02/13/12 16:02 +0100, Manel Gimeno Zaragozá wrote:
> >
> >Hello,
> >
> >I've tried adding "asterisk" lines but nothing changes:
> >
> >=====imapd.conf====
> >sasl_pwcheck_method: saslauthd
> >sasl_mech_list: PLAIN
> >*sasl_minimum_layer:  0
> >
> >=====saslauthd.conf=====
> >ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
> >ldap_search_base: ou=pre_test,dc=org
> >ldap_bind_dn: cn=admin
> >ldap_password: password
> >ldap_scope: sub
> >ldap_filter: (|(cn=%U@%d)(uid=%u))
> >*ldap_auth_method: plain
> >
> >I'm still not able to log in#
> >
> >#imtest -m plain 192.168.1.5 -a test-adm
> >      S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
> >      C: C01 CAPABILITY
> >      S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT       THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> >      S: C01 OK Completed
> >      [Server did not advertise AUTH=PLAIN]
> >      Authentication failed. generic failure
> >      Security strength factor: 0
> 
> On 02/13/12 12:55 +0100, Manel Gimeno Zaragozá wrote:
> >I can connect via testsaslauthd:
> >#testsaslauthd -u test-adm -p password
> >        0: OK "Success."
> >
> 
> Check your syslog for any errors (auth facility). Verify that the user
> which imapd is running under has permissions to access the saslauthd mux.
> One way to verify that is with:
> 
> sudo -u cyrus testsaslauthd -u test-adm -p password
> 
> You may need to set:
> 
> sasl_saslauthd_path: </full/path/to/saslauthd/mux>/mux
> 
> Within imapd.conf. But your logs will provide an appropriate error if that
> option is needed.
> 
> -- 
> Dan White
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120213/28a62fed/attachment-0001.html 


More information about the Info-cyrus mailing list