hi all 

here i got a very consistent login failure/success pattern.  

i've installed cyrus-imapd-2.0.13 and configured cyrus to authenticate against 
openldap-2.0.11 through pam-ldap

cleartext password stored on ldap

my login test is as follows: 

step 1) login with imtest with correct password (first try)
# imtest -u sysadm -a sysadm -m login localhost
C: C01 CAPABILITY
S: * OK cyrus.magic.net Cyrus IMAP4 v2.0.13 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN sysadm {6}
+ go ahead
C: <omitted>
failure: prot layer failure

step 2) login with imtest with incorrect password (second try)
# imtest -u sysadm -a sysadm -m login localhost
C: C01 CAPABILITY
S: * OK cyrus.magic.net Cyrus IMAP4 v2.0.13 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN sysadm {7}
+ go ahead
C: <omitted>
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

step 3) login with imtest with correct password again (third try)
# imtest -u sysadm -a sysadm -m login localhost
C: C01 CAPABILITY
S: * OK cyrus.magic.net Cyrus IMAP4 v2.0.13 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID 
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN sysadm {6}
+ go ahead
C: <omitted>
L01 OK User logged in
Authenticated.
Security strength factor: 0

so i can login to the server finally.  then i logged out.  after a couple of seconds, 
i login with the correct password again.  well, everything starts from the 
beginning...  step 1, step 2, step 3....  

conclusion:  i must fail on purpose once using imtest/telnet before i can successfully log 
onto cyrus (imtest/telnet/cyradm).  

these are my configuration files:

[/etc/imapd.conf]
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: sysadm
sasl_pwcheck_method: pam

[/etc/cyrus.conf]
# standard standalone server implementation

START {
  # do not delete these entries!
  mboxlist      cmd="ctl_mboxlist -r"
  deliver       cmd="ctl_deliver -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
#  pop3         cmd="pop3d" listen="pop3" prefork=0

  # LMTP is required for delivery
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
#  delprune     cmd="ctl_deliver -E 3" period=1440
}

[/etc/pam.d/imap]
#%PAM-1.0
auth            sufficient      /lib/security/pam_ldap.so
account         sufficient      /lib/security/pam_ldap.so

[/etc/ldap.conf] (enabled fields are shown)
# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1

# The distinguished name of the search base.
base dc=magic,dc=net

# The search scope.
scope sub
#scope one
#scope base

# Do not hash the password at all; presume
# the directory server will do it, if
# necessary.
pam_password clear

i believe that's all there is to it??  how can i make it successful right on the first pass??

thanks a lot!!
manuel

