Allow PLAIN login cyrus 2.2.12
Manel Gimeno Zaragozá
magiza83 at hotmail.com
Mon Feb 13 11:22:49 EST 2012
Hello,
I've execute testsaslauthd as cyrus user a it's OK
[root log]# su - cyrus
[cyrus1 ~]$ /usr/sbin/testsaslauthd -u test-adm -p password
0: OK "Success."
On the other hand, I've done some test and I've execute imtest getting the following:
# imtest -m plain 192.168.65.130 -a cyrus
S: * OK Datadec-Online Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0
. login test-adm password
. OK User logged in
C: Q01 LOGOUT
Connection closed.
=========log==============
Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 2
Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: accepted connection
Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 3
Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in READY state: now unavailable and in BUSY state
Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers
Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in BUSY state: now serving connection
Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers
*Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: badlogin:
xmlfrwk.pre.datadec-online.com [192.168.65.130] PLAIN [SASL(-16):
encryption needed to use mechanism: security flags do not match
required]
*Feb 13 17:16:11 srv-vln-pre1 imap1[29801]: login:
xmlfrwk.pre.datadec-online.com [192.168.65.130] test-adm plaintext User
logged in
==========================
As you can see on the first try I get "badlogin" but when I try ". login test-adm password" I'm able to log in.
Regards.
> Date: Mon, 13 Feb 2012 09:49:45 -0600
> From: dwhite at olp.net
> To: magiza83 at hotmail.com
> CC: info-cyrus at lists.andrew.cmu.edu; awilliam at whitemice.org
> Subject: Re: Allow PLAIN login cyrus 2.2.12
>
> On 02/13/12 16:02 +0100, Manel Gimeno Zaragozá wrote:
> >
> >Hello,
> >
> >I've tried adding "asterisk" lines but nothing changes:
> >
> >=====imapd.conf====
> >sasl_pwcheck_method: saslauthd
> >sasl_mech_list: PLAIN
> >*sasl_minimum_layer: 0
> >
> >=====saslauthd.conf=====
> >ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
> >ldap_search_base: ou=pre_test,dc=org
> >ldap_bind_dn: cn=admin
> >ldap_password: password
> >ldap_scope: sub
> >ldap_filter: (|(cn=%U@%d)(uid=%u))
> >*ldap_auth_method: plain
> >
> >I'm still not able to log in#
> >
> >#imtest -m plain 192.168.1.5 -a test-adm
> > S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
> > C: C01 CAPABILITY
>
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > [Server did not advertise AUTH=PLAIN]
> > Authentication failed. generic failure
> > Security strength factor: 0
>
> On 02/13/12 12:55 +0100, Manel Gimeno Zaragozá wrote:
> >I can connect via testsaslauthd:
> >#testsaslauthd -u test-adm -p password
> > 0: OK "Success."
> >
>
> Check your syslog for any errors (auth facility). Verify that the user
> which imapd is running under has permissions to access the saslauthd mux.
> One way to verify that is with:
>
> sudo -u cyrus testsaslauthd -u test-adm -p password
>
> You may need to set:
>
> sasl_saslauthd_path: </full/path/to/saslauthd/mux>/mux
>
> Within imapd.conf. But your logs will provide an appropriate error if that
> option is needed.
>
> --
> Dan White
Manel Gimeno Zaragoza
magiza83 at hotmail.com
> Date: Mon, 13 Feb 2012 09:49:45 -0600
> From: dwhite at olp.net
> To: magiza83 at hotmail.com
> CC: info-cyrus at lists.andrew.cmu.edu; awilliam at whitemice.org
> Subject: Re: Allow PLAIN login cyrus 2.2.12
>
> On 02/13/12 16:02 +0100, Manel Gimeno Zaragozá wrote:
> >
> >Hello,
> >
> >I've tried adding "asterisk" lines but nothing changes:
> >
> >=====imapd.conf====
> >sasl_pwcheck_method: saslauthd
> >sasl_mech_list: PLAIN
> >*sasl_minimum_layer: 0
> >
> >=====saslauthd.conf=====
> >ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
> >ldap_search_base: ou=pre_test,dc=org
> >ldap_bind_dn: cn=admin
> >ldap_password: password
> >ldap_scope: sub
> >ldap_filter: (|(cn=%U@%d)(uid=%u))
> >*ldap_auth_method: plain
> >
> >I'm still not able to log in#
> >
> >#imtest -m plain 192.168.1.5 -a test-adm
> > S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > [Server did not advertise AUTH=PLAIN]
> > Authentication failed. generic failure
> > Security strength factor: 0
>
> On 02/13/12 12:55 +0100, Manel Gimeno Zaragozá wrote:
> >I can connect via testsaslauthd:
> >#testsaslauthd -u test-adm -p password
> > 0: OK "Success."
> >
>
> Check your syslog for any errors (auth facility). Verify that the user
> which imapd is running under has permissions to access the saslauthd mux.
> One way to verify that is with:
>
> sudo -u cyrus testsaslauthd -u test-adm -p password
>
> You may need to set:
>
> sasl_saslauthd_path: </full/path/to/saslauthd/mux>/mux
>
> Within imapd.conf. But your logs will provide an appropriate error if that
> option is needed.
>
> --
> Dan White
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120213/28a62fed/attachment-0001.html
More information about the Info-cyrus
mailing list