cyradm cannot connect to cyrus imap server

Willy Offermans Willy at Offermans.Rompen.nl
Thu Feb 20 09:49:27 EST 2014 

Hello Dan and Cyrus Friends,

On Thu, Feb 20, 2014 at 08:38:42AM -0600, Dan White wrote:
> On 02/20/14 10:35 +0100, Willy Offermans wrote:
> >I'm setting up cyrus on my new FreeBSD 10.0 server. I have used the following
> >package: cyrus-imapd24-2.4.17_4
> >
> >If I test my setup with imtest, I get connection to the imap server.
> >
> >MyName at MyComputer:~$ imtest -m login -u username -a username -s localhost
> >verify error:num=19:self signed certificate in certificate chain
> >TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> >S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN SASL-IR] MyComputer Cyrus IMAP v2.4.17 server ready
> >Please enter your password:
> >C: L01 LOGIN username {13}
> >S: + go ahead
> >C: <omitted>
> >S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE IDLE] User logged in SESSIONID=<MyComputer-11451-1392884061-1>
> >Authenticated.
> >Security strength factor: 256
> >
> >>From the message log file:
> >
> >Feb 19 09:00:11 MyComputer imaps[3437]: imapd:Loading hard-coded DH parameters Feb 19 09:00:11 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> >Feb 19 09:00:11 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> >Feb 19 09:00:15 MyComputer imaps[3437]: badlogin: localhost [127.0.0.1] plaintext username SASL(-13): authentication failure: checkpass failed
> >Feb 19 09:00:30 MyComputer imaps[3437]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> >Feb 19 09:00:30 MyComputer imaps[3437]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> >Feb 19 09:00:39 MyComputer imaps[3437]: login: localhost [127.0.0.1] username plaintext+TLS User logged in SESSIONID=<MyComputer-3437-1392800430-1>
> >Feb 19 09:02:18 MyComputer imaps[3437]: USAGE username user: 0.007544 sys: 0.022632
> >
> >However, if I try to connect via cyradm, I cannot login.
> >
> >MyName at MyComputer:~$ cyradm --user username localhost
> >Password:
> >verify error:num=19:self signed certificate in certificate chain
> >cyradm: cannot authenticate to server with  as username
> 
> Does the output really say this (empty username)? I'm assuming you just
> removed it when pasting it.

No Dan, I did not remove anything. I just replaced the actual username by
username. There is a whitespace between with and as in the output!

> 
> >from the message log file:
> >Feb 19 09:02:41 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> >Feb 19 09:02:48 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] SCRAM-SHA-1 [SASL(-13): user not found: unable to canonify user and get auxprops]
> >Feb 19 09:02:51 MyComputer imap[3440]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: unable to canonify user and get auxprops]
> >Feb 19 09:02:55 MyComputer imap[3440]: imapd:Loading hard-coded DH parameters
> >Feb 19 09:02:55 MyComputer imap[3440]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> >Feb 19 09:02:55 MyComputer imap[3440]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> 
> In imapd.conf, set:
> 
> sasl_mech_list: PLAIN LOGIN EXTERNAL
> 
> to remove some extraneous error messages. Try specifying a mechanism
> (--auth=PLAIN) in your cyradm command.
> 
> -- 
> Dan White

I did this and it worked:

MyName at MyComputer:~$ cyradm --user username --auth PLAIN localhost
verify error:num=19:self signed certificate in certificate chain
Password: 
localhost> 

Many thnx for your help!

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,

Wiel

*************************************
W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: Willy at Offermans.Rompen.nl

More information about the Info-cyrus mailing list