Cannot connect with cyradm

[Simon Matter]

> I am trying to set up a basic system with cyrus-imap and postfix on amazon
> linux
>
> I can connect using imtest, but cannot connect with cyradm:
>
> Additionally, when I connect via a client with a user I know has mail,
> it's
> saying that no INBOX exists. Postfix's mail spool is /var/spool/mail, but
> I
> don't see anywhere to verify that imapd or lmtpd is looking there.
>
> Sorry if these are dumb questions. I'm completely new to cyrus-imap and
> the
> documentation at cyrusimap.org is extremely sketchy.
>
> Any advice appreciated.
>
> $ more /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
> $ grep MECH /etc/init.d/saslauthd
> MECH=pam
>
> $ imtest -t "" -u cyrus -a cyrus localhost
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
> COMPRESS=DEFLATE] ip-172-31-1-214 Cyrus IMAP
> v2.3.16-Fedora-RPM-2.3.16-6.9.amzn1 server ready
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256
> bits)
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN SASL-IR
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
> S: C01 OK Completed
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAaGVsbC1oYXRoLW5vLWZ1cnk=
> S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
> SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (tls
> protection)
> Authenticated.
> Security strength factor: 256
> . LIST "" "*"
> . OK Completed (0.000 secs 1 calls)
> . LOGOUT
> * BYE LOGOUT received
> . OK Completed
> Connection closed.
>
> $ cyradm --user cyrus --authz cyrus localhost
> Login disabled.
> cyradm: cannot authenticate to server with  as cyrus
> $ cyradm --user cyrus --authz cyrus --auth pam localhost
> verify error:num=18:self signed certificate
> cyradm: cannot authenticate to server with pam as cyrus
> $ cyradm --user cyrus --authz cyrus --auth shadow localhost
> verify error:num=18:self signed certificate
> cyradm: cannot authenticate to server with shadow as cyrus

What does it do if you run with "--auch PLAIN" instead?

Regards,
Simon