cyradm cannot connect to cyrus imap server

Dan White dwhite at olp.net
Thu Feb 20 09:38:42 EST 2014


On 02/20/14 10:35 +0100, Willy Offermans wrote:
>I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
>package: cyrus-imapd24-2.4.17_4
>
>If I test my setup with imtest, I get connection to the imap server.
>
>MyName at MyComputer:~$ imtest -m login -u username -a username -s localhost
>verify error:num=19:self signed certificate in certificate chain
>TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
>S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready
>Please enter your password:
>C: L01 LOGIN username {13}
>S: + go ahead
>C: <omitted>
>S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=<MyComputer-11451-1392884061-1>
>Authenticated.
>Security strength factor: 256
>
>From the message log file:
>
>Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters
>Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
>Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=<MyComputer-3437-1392800430-1>
>Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632
>
>However, if I try to connect via cyradm, I cannot login.
>
>MyName at MyComputer:~$ cyradm --user username localhost
>Password:
>verify error:num=19:self signed certificate in certificate chain
>cyradm: cannot authenticate to server with  as username

Does the output really say this (empty username)? I'm assuming you just
removed it when pasting it.

>from the message log file:
>Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
>Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
>Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
>Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied

In imapd.conf, set:

sasl_mech_list: PLAIN LOGIN EXTERNAL

to remove some extraneous error messages. Try specifying a mechanism
(--auth=PLAIN) in your cyradm command.

-- 
Dan White
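
Added example, not part of the original post: a small parser that groups the `badlogin` and `login` syslog lines quoted in this thread by server process and reports which SASL mechanisms failed without a later successful login. The function name `unresolved_failures` is hypothetical, and the sample lines are copied from the quoted logs.

```python
import re
from collections import defaultdict

# Syslog lines copied from the thread above (imtest session, then cyradm session).
SAMPLE_LOG = """\
Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=<MyComputer-3437-1392800430-1>
Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
"""

# "badlogin: <host> [<ip>] <mechanism> ... SASL(<code>): <reason>"
BADLOGIN = re.compile(
    r"(?P<svc>\w+)\[(?P<pid>\d+)\]: badlogin: \S+ \[[^\]]+\] "
    r"(?P<mech>\S+).*?SASL\(-?\d+\): (?P<reason>[^\]]+)"
)
# "login: <host> [<ip>] <user> <mechanism> User logged in"
LOGIN = re.compile(r"(?P<svc>\w+)\[(?P<pid>\d+)\]: login: ")


def unresolved_failures(log_text):
    """Return {(service, pid): [(mechanism, reason), ...]} for server
    processes that logged badlogin lines and no later successful login.
    The process ID stands in for a session, since the log has no other key."""
    pending = defaultdict(list)
    for line in log_text.splitlines():
        bad = BADLOGIN.search(line)
        if bad:
            key = (bad["svc"], bad["pid"])
            pending[key].append((bad["mech"], bad["reason"].strip()))
            continue
        ok = LOGIN.search(line)
        if ok:
            # A successful login clears earlier failures from the same process.
            pending.pop((ok["svc"], ok["pid"]), None)
    return dict(pending)


if __name__ == "__main__":
    for (svc, pid), attempts in unresolved_failures(SAMPLE_LOG).items():
        for mech, reason in attempts:
            print(f"{svc}[{pid}] {mech}: {reason}")
```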

