Hi everyone,

Maybe I should be a little more specific about the exact symptoms of the problem. Imapd 2.1.1 authenticates just fine using saslauthd, which is set up to use pam, which connects to an LDAP server.

As I understand it, imapd/pop3d will use the LOGIN mechanism, and timsieved will use the PLAIN mechanism. Is that the only difference between the way these servers authenticate users?

The following messages are logged when someone tries to connect to timsieved:

Jan 30 16:23:16 cronus timsieved[7018]: authentication failed
Jan 30 16:23:16 cronus timsieved[7018]: Password verification failed
Jan 30 16:23:16 cronus timsieved[7018]: badlogin: sirius.pcf.com[10.10.1.140] PLAIN authentication failure

but both pop3d and imapd work fine with login:

Jan 29 16:23:15 cronus pop3d[32095]: login:brentssff.pcf.com[10.10.1.50] heat plaintext

I would be very grateful if someone could give me a direction to look in. I have a big passel of users who all suddenly need to update their vacation notices, and I'm tired of typing them in manually. :-)

Thanks in advance!

-Jules Agee

On Wed, 2002-01-30 at 10:44, julesa wrote:
> I'm having a similar problem. I was using 2.0.15 with
> sasl_pwcheck_method: pam, and just upgraded to 2.1.1 with SASL 2.1.0 on
> RedHat 7.0. I have set up saslauthd to use pam, and changed imapd.conf
> to sasl_pwcheck_method: saslauthd. imapd authenticates fine through
> that, but I can't seem to get timsieved authenticating properly.
>
> It looks like it's not allowing PLAIN auth type. I added
> "allowplaintext: yes" to the imapd.conf file, but I still get this:
>
> $ imtest -m plain localhost
> C: C01 CAPABILITY
> S: * OK cronus Cyrus IMAP4 v2.1.1 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> S: C01 OK Completed
> C: A01 AUTHENTICATE PLAIN
> S: A01 NO Error authenticating
> Authentication failed. generic failure
> Security strength factor: 0
>
> I did create the symlink as advised in the docs:
>
> # ls -l /usr/lib/sasl2
> lrwxrwxrwx 1 root root 20 Jan 29 15:47 /usr/lib/sasl2 -> /usr/local/lib/sasl2
>
> And it looks like the libraries for plain auth are in this directory:
>
> # cd /usr/lib/sasl2
> # ls -l libplain*
> -rwxr-xr-x 1 root root 685 Jan 25 23:38 libplain.la
> lrwxrwxrwx 1 root root 17 Jan 25 23:38 libplain.so -> libplain.so.2.0.0
> lrwxrwxrwx 1 root root 17 Jan 25 23:38 libplain.so.2 -> libplain.so.2.0.0
> -rwxr-xr-x 1 root root 73124 Jan 25 23:38 libplain.so.2.0.0
>
> I probably missed some key point in the documentation, but I just can't
> find it. Any suggestions?
>
> -Jules
>
> On Tue, 2002-01-15 at 10:44, Ferdinand Goldmann wrote:
> > Hello again...
> >
> > On Sat, 5 Jan 2002, Ken Murchison wrote:
> >
> > > Quoting Ferdinand Goldmann <[EMAIL PROTECTED]>:
> > >
> > > > On Fri, 4 Jan 2002, Lawrence Greenfield wrote:
> > > >
> > > > > try:
> > > > >
> > > > > ln -s /usr/local/lib/sasl /usr/lib/sasl
> > > > >
> > > > > libsasl looks in /usr/lib/sasl for the plugins but installs them into
> > > > > /usr/local/lib/sasl.
> > > >
> > > > Yes, I know, I already did this after SASL installation:
> > > > # ls -l /usr/lib/sasl
> > > > lrwxrwxrwx 1 root system 19 Oct 23 12:46 /usr/lib/sasl -> /usr/local/lib/sasl
> > > > # ls /usr/local/lib/sasl
> > > > libanonymous.a libcrammd5.a libdigestmd5.a libplain.a
> > > > libanonymous.la libcrammd5.la libdigestmd5.la libplain.la
> > > > libanonymous.so.1 libcrammd5.so.1 libdigestmd5.so.0 libplain.so.1
> > > > libanonymous.so.1.0.15 libcrammd5.so.1.0.15 libdigestmd5.so.0.0.17 libplain.so.1.0.14
> > > >
> > > > I still have no idea, why my plugins are not detected, or why SASL does not
> > > > announce anything when connecting to imapd or popd. Still, everyone can log in
> > > > fine to their POP3/IMAP accounts, I guess because I am running a pwcheck
> > > > daemon.
> > >
> > > The reason that your users can login to IMAP and POP3 is probably because they
> > > are not using the AUTHENTICATE or AUTH commands (ie, SASL) respectively. IMAP
> > > and POP3 each have their own built-in plaintext commands (LOGIN and USER/PASS).
> >
> > I finally found the time to dig a little bit into this problem:
> > SASL expects DLL files which end in '.so'. However, AIX seems to be a bit
> > tricky here. In my installation, I had only .a and .so.<versionnumber> files.
> >
> > So I did the following: I symlinked the .a files to .so files and edited the
> > respective .la-files (which hold the configuration information for libtool):
> > library_names='libplain.so.1.0.14 libplain.so.1 libplain.a libplain.so'
> >                                                            ^^^^^^^^^^^
> > and added another name so the libtool wrapper can find the library under
> > this name.
> >
> > And:
> > # telnet localhost sieve
> > Trying...
> > Connected to localhost
> > Escape character is '^]'.
> > "IMPLEMENTATION" "Cyrus timsieved v1.0.0"
> > "SASL" "PLAIN"
> > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex"
> > OK
> >
> > So am finally seeing some plugins. Now I am running into a different problem:
> > I created a user 'test' using saslpasswd:
> > # sasldblistusers
> > user: test realm: yoda mech: CRAM-MD5
> > user: test realm: yoda mech: PLAIN
> > user: test realm: yoda mech: DIGEST-MD5
> >
> > auth.debug:
> > Jan 15 19:18:59 yoda syslog: PLAIN: set secret for test
> > Jan 15 19:18:59 yoda syslog: DIGEST-MD5: set secret for test
> > Jan 15 19:18:59 yoda syslog: CRAM-MD5: set secret for test
> >
> > However, upon connecting to the imap port, I don't see CRAM-MD5/DIGEST-MD5
> > announced:
> > C01 CAPABILITY
> > * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=PLAIN X-NETSCAPE
> > C01 OK Completed
> >
> > I created a symlink from /usr/local/etc/sasldb to /etc/sasldb (since this
> > location is mentioned in the manpage), but with no success so far.
> >
> > Any ideas where I might continue looking? BTW, what is the correct realm
> > to set in sasldb? The FQDN of my IMAP server?
> >
> > Kind regards,
> > Ferdinand
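
The two checks this thread keeps returning to, written out as an added example (not code from any poster or from the Cyrus project): which plugins in the SASL plugin directory lack a file name ending in `.so`, the condition Ferdinand reports on AIX, and which plugins on disk are absent from the server's `AUTH=` capability list. The function names, the `lib<mech>.so` naming inferred from the listings above, and the sample directory are assumptions.

```sh
#!/bin/sh
# Added example: compare SASL plugin files on disk with the mechanisms a
# Cyrus server announces. Function names are hypothetical.
# Assumption: each lib<name>.so in the directory is a mechanism plugin, and
# <name> is the mechanism lowercased without '-' (libcrammd5 -> CRAM-MD5).

# Plugins that have a usable file ending in ".so" (dangling symlinks fail -e).
plugins_with_so() {
    for f in "$1"/lib*.so; do
        [ -e "$f" ] || continue
        base=${f##*/lib}
        printf '%s\n' "${base%.so}"
    done | sort -u
}

# Plugins that libtool installed (a .la file exists) but that have no ".so"
# name, e.g. only libcrammd5.a and libcrammd5.so.1 as in the AIX listing.
plugins_without_so() {
    for la in "$1"/lib*.la; do
        [ -e "$la" ] || continue
        name=${la##*/}
        name=${name%.la}
        [ -e "$1/$name.so" ] || printf '%s\n' "${name#lib}"
    done
}

# AUTH=<MECH> tokens of an IMAP CAPABILITY line, normalised like plugin names.
advertised_mechs() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep '^AUTH=' |
        sed -e 's/^AUTH=//' -e 's/-//g' | tr '[:upper:]' '[:lower:]' | sort -u
}

# Plugins with a ".so" file on disk that the server does not announce.
missing_from_capability() {
    adv=$(advertised_mechs "$2")
    plugins_with_so "$1" | while read -r m; do
        printf '%s\n' "$adv" | grep -qxF "$m" || printf '%s\n' "$m"
    done
}

# Constructed sample: a directory shaped like the listings in the thread and
# a shortened copy of the CAPABILITY line quoted there.
d=$(mktemp -d)
touch "$d/libplain.la" "$d/libplain.so" "$d/libdigestmd5.la" \
      "$d/libdigestmd5.so" "$d/libcrammd5.la" "$d/libcrammd5.a" "$d/libcrammd5.so.1"
cap='* CAPABILITY IMAP4 IMAP4rev1 IDLE AUTH=PLAIN X-NETSCAPE'
echo "no .so name:    $(plugins_without_so "$d")"
echo "not advertised: $(missing_from_capability "$d" "$cap")"
rm -rf "$d"
```

A plugin reported by the first check matches the thread's "plugins are not detected" symptom; one reported only by the second check has its file in place, so the server's own mechanism configuration and secrets store are the next place to look.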