All,

I am having a weird user auth issue with SASL and the Cyrus IMAP/POP server.
My OS is FreeBSD 4.2 with the latest Berkeley DB 3.2, Cyrus 2.0.12, and sasl-1.5.14.

I want to allow some users with unix logins and users without unix 
logins to pop mail off the server. My MTA is postfix.

I created the mailboxes under cyradm and gave them passwords using 
saslpasswd -c cyrus and saslpasswd -c bender

Here is my /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
logins: cyrus root
srvtab: /var/imap/srvtab
allowanonymouslogin: no
sasl_passwd_check: shadow
sasl_pwcheck_method: pwcheck
#sasl_passwd_check: sasl
#sasl_pwcheck_method: sasl


At one point I even did an allowanonymouslogin: yes, but that did not resolve
my issue. I did a sasl_pwcheck_method: pwcheck instead of sasl_pwcheck_method: sasl
because when I use sasl my imtest test dies.

#imtest -m login -p imap localhost (as user cyrus)
C: C01 CAPABILITY
S: * OK hostname Cyrus IMAP4 v2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {7}
+ go ahead
C: <omitted>
L01 OK User logged in
Authenticated.
Security strength factor: 0

This works when I have sasl_pwcheck_method: pwcheck since cyrus is also a local
account. The IMAP part looks good, so I try popping mail off.

When I type in the wrong password in my e-mail client, I get this which 
is correct
Mar 11 12:03:32 hostname pop3d[41133]: badlogin: [10.44.11.11] plaintext cyrus Incorrect password

When I type in the right password in my e-mail client then it fails with
Mar 11 12:03:43 hostname pop3d[41135]: login: [10.44.11.11] cyrus plaintext

When I use imapd on my e-mail client to log in, I get the same error messages
too in both cases.


So I did another test using sasl_pwcheck_method: sasl in imapd.conf. This
time around both the cyrus unix password and saslpasswd accounts fail during an
IMAP and POP connection via Eudora with the very same errors.

I did an IMAP command-line test:
#  imtest -m login -p imap localhost (as user cyrus)
C: C01 CAPABILITY
S: * OK hostname Cyrus IMAP4 v2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {7}
+ go ahead
C: <omitted>
L01 NO Login failed: no mechanism available
Authentication failed. generic failure
Security strength factor: 0

Now it tells me there is a generic failure.
What gives?


On another note, I have a saslpasswd entry for bender too, but not a unix
login.
An imtest gives me the same errors as above, and when I try to pop mail off
I get
Mar 1 3:11:01 hostname pop3d[41102]: badlogin: [10.44.11.11] plaintext bender Userid not found
Mar 1 3:11:21 hostname pop3d[41103]: login: [10.44.11.11] cyrus plaintext
Mar 1 3:11:53 hostname pop3d[41104]: login: [10.44.11.11] cyrus plaintext

This shows up in /var/log/messages
hostname imapd[77700]: unrecognized plaintext verifier sasl

So I reset bender's passwd using saslpasswd and I get this
"saslpasswd: failed to set plaintext secret for bender:
requested change was not needed" error message.

I then try to pop the mail off and get this
hostname pop3d[77723]: unrecognized plaintext verifier sasl

I do notice that I don't have a /usr/lib/sasl/saslpasswd.conf. Does this 
matter?

I think my sasl install is misconfigured. Any suggestions?


2. On another box where I have both postfix and cyrus configured the same way,
I get a pause forever when I do
#imtest -m login -p imap localhost (as user cyrus)
C: C01 CAPABILITY

It doesn't go anywhere after this. When I proceed to do a cyradm localhost,
it also pauses forever, and /var/log/messages does complain of a DBerror.
I installed Berkeley dbm the very same way I did on the other machine too.
Does anyone know what these symptoms mean?


Thanks.