This is the diff between F37 and F36, maybe you'll find some clue
there:

$ git log --oneline origin/f36..origin/f37
e0d1e57 (origin/f37) Avoid requires on systemd as well as per updated
guidelines
db25e25 Avoid systemd_requires as per updated packaging guidelines
a64513d (HEAD -> rawhide) Fix memory leak in digestmd5 patches
b96caf4 Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
7f6beb6 (pag/sysusers, sysusers) Use systemd sysusers to create
saslauth user
de822fc Enable sasldb authentication mechanism
a1359a4 (pag/rawhide, pag/main) Fix changelog section with correct
syntax
eba3ea5 Update to 2.1.28
b229146 Move to use autorelease macro
d09a799 Move to use the autochangelog macro

HTH,
Simo.


On Thu, 2023-06-08 at 10:39 -0600, Philip Prindeville wrote:
> Hi,
> 
> I had been running F36 and updated to F37.  After rebooting, authentication 
> started failing (seemingly sporadically).
> 
> I'm seeing:
> 
> Jun  8 10:32:10 mail cyrus/imaps[16976]: starttls: TLSv1.2 with cipher 
> ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
> Jun  8 10:32:10 mail cyrus/imaps[16976]: client id 
> sessionid=<cyrus-1686241930-16976-1-13642841045060016715>: "name" "Mac OS X 
> Mail" "version" "16.0 (3731.600.7)" "os" "Mac OS X" "os-version" "13.4 
> (22F66)" "vendor" "Apple Inc."
> Jun  8 10:32:10 mail cyrus/imaps[16976]: badlogin: 
> macbook3-3.redfish-solutions.com [192.168.8.12] CRAM-MD5 (-notset-) 
> [SASL(-13): user not found: user: joeb...@mail.redfish-solutions.com 
> property: cmusaslsecretCRAM-MD5 not found in /etc/sasl2/sasldb2]
> 
> But I shouldn't be seeing any domain at all (or realm, whichever) when the 
> SASL lookups are done.
> 
> This has worked in my configuration for years.  Not sure why it's suddenly 
> failing with the update.
> 
> The relevant part of my /etc/imapd.conf is:
> 
> sasl_pwcheck_method: auxprop
> sasl_mech_list: CRAM-MD5 DIGEST-MD5
> 
> And if I use "testsaslauthd -u user -p password" I get a Success.
> 
> This is what I'm running:
> 
> cyrus-imapd-3.4.4-2.fc37.x86_64
> cyrus-imapd-libs-3.4.4-2.fc37.x86_64
> cyrus-imapd-utils-3.4.4-2.fc37.x86_64
> cyrus-sasl-2.1.28-8.fc37.x86_64
> cyrus-sasl-lib-2.1.28-8.fc37.x86_64
> cyrus-sasl-md5-2.1.28-8.fc37.x86_64
> cyrus-sasl-ntlm-2.1.28-8.fc37.x86_64
> cyrus-sasl-plain-2.1.28-8.fc37.x86_64
> 
> SMTP Submission (port 587) with Sendmail AUTH continues to work, and that's 
> using SASL and the same credentials, so the database isn't corrupted.
> 
> My clients are MacOS and iOS, if that matters.
> 
> I ran the session logging on MacOS and decoded the AUTH transaction in 
> IMAP/S, and it's definitely sending just the username, no realm/domain... so 
> no idea where this is creeping in.
> 
> Mail is down, and there's an angry mob outside my office...
> 
> Any assistance?
> 
> Thanks,
> 
> -Philip
> 

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




------------------------------------------
Cyrus: Devel
Permalink: 
https://cyrus.topicbox.com/groups/devel/Td95652dad981f128-Md4f1cc5fca26d5fd9ded8159
Delivery options: https://cyrus.topicbox.com/groups/devel/subscription

Reply via email to