sivtest fails to authenticate but imtiest succeeds

John Hayward john.hayward at wheaton.edu
Sat Jun 27 09:33:36 EDT 2015 

I am having trouble authenticating to sivtest but can authenticate to Imtest.


I am running NetBSD packages:

cyrus-sasl-2.1.26nb4 Simple Authentication and Security Layer

cyrus-imapd-2.4.17nb10 Cyrus IMAP server

cy2-login-2.1.22    Cyrus SASL LOGIN authentication plugin

cy2-plain-2.1.26    Cyrus SASL PLAIN authentication plugin

my /usr/pkg/etc/imapd.conf currently looks like:

===== imapd.conf ====

# $NetBSD: imapd.conf,v 1.5 2005/03/02 21:42:48 wiz Exp $

#

# Cyrus IMAP server configuration file.  Refer to imapd.conf(5) for

# more options.


configdirectory: /var/imap

partition-default: /var/spool/imap

#sieveusehomedir: true

hashimapspool: false

sievedir: /usr/pkg/sieve

sieve_maxscriptsize: 32

sieve_maxscripts: 5


admins: cyrus johnh


# Use the saslauthd daemon to verify plaintext passwords.  Please ensure that

# the saslauthd daemon is running before trying to authenticate.

#

#sasl_mech_list: PLAIN

sasl_pwcheck_method: auxprop

sasl_auxprop_plugin: sasldb

allowanonymouslogin: no

# aparently changed in 2.4

# aparently changed in 2.4

allowplaintext: yes


# The server certificate and key files must be specified for the

# server to repond to IMAPS or POP3S requests.  See imapd.conf(5) for

# a complete listing of tls_* options.

#

tls_ca_file: /var/imap/server.pem

tls_cert_file: /var/imap/server.pem

tls_key_file: /var/imap/server.pem

===== end imapd.conf ======


I am trying to use sasldb which is located in /usr/pkg/etc/sasldb.db


Here is what I am seeing when I run imtest and sivtest

==== sieve.log ===

Script started on Sat Jun 27 07:54:38 2015

ESC[?1034hbash-3.2$ imtest -a linda -u linda localhost

S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=LOGIN AUTH=PLAIN SASL-IR] haywardfamily.org Cyrus IMAP v2.4.17 server ready^M

C: A01 AUTHENTICATE LOGIN^M

S: + VXNlcm5hbWU6^M

Please enter your password:

C: bGluZGE=^M

S: + UGFzc3dvcmQ6^M

C: MnphcHB5^M

S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) SESSIONID=<haywardfamily.org-4536-1435409698-1>^M

Authenticated.

Security strength factor: 0

^CC: Q01 LOGOUT^M

Connection closed.

bash-3.2$ sivtest -a linda -u linda localhost

S: "IMPLEMENTATION" "Cyrus timsieved v2.4.17"^M

S: "SASL" "LOGIN PLAIN"^M

S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"^M
S: "STARTTLS"^M
S: "UNAUTHENTICATE"^M
S: OK^M
C: AUTHENTICATE "LOGIN"^M
S: {12}^M
S: VXNlcm5hbWU6^M
Please enter your password:
C: {8+}^M
C: bGluZGE=^M
S: {12}^M
S: UGFzc3dvcmQ6^M
C: {8+}^M
C: MnphcHB5^M
S: NO "Authentication Error"^M
Authentication failed. generic failure
Security strength factor: 0
^CC: LOGOUT^M
Connection closed.
bash-3.2$ exit
exit

Script done on Sat Jun 27 07:55:49 2015
==== end of sieve.log ===

Any suggestions on how to resolve this issue?

Some additional questions:

1) if one is trying to use sasldb with sasl_auxprop_plugin then saslauthd is out of the picture - I have it running but don't think it needs to be involved.

2) There appears to be both login and plain mechanisms - on imtest I can specify either and they both authenticate - which one should I be focused on?

TIA
johnh...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150627/d26dc71a/attachment.html

More information about the Info-cyrus mailing list