Keith Kee schrieb:
> Hi Simon,
> I can pop-3 with keith and telnet to mailhost 2000 without a problem.
Okay, you can login but what does timsieved tell you? In my case it says
something like:
"SASL" "PLAIN"
So, it will accept PLAIN authentication.
Now, I guess your timsieved is not correctly compiled to allow PLAIN auth.
The configure part of my RPM spec file looks something like this:
%configure \
--enable-netscapehack \
--without-ucdsnmp \
--with-krb=%{_prefix}/kerberos \
--with-perl=%{__perl} \
--with-libwrap=%{_prefix} \
--with-openssl=%{_prefix} \
--with-cyrus-prefix=%{_cyrexecdir} \
--with-auth=unix
-Simon
>
> Somehow, it does not like plain as the authentication method. I was
> successfully authenticated if I remove the sasl_mech_list, which sieveshell
> will then use MD5-CRAM to authenticate me against /etc/sasldb2. That worked,
> but then imap and pop will not authentication correctly.
> Is it possible for me to use sieve despite the fact that I cannot login
> to timsieved?
>
> Thanks
> keith
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Simon Matter
> > Sent: Tuesday, February 26, 2002 9:32 AM
> > To: Keith Kee
> > Cc: Ken Murchison; Cyrus Info
> > Subject: Re: sieveshell authentication failed on Solaris
> >
> >
> > Hm, sorry, I don't know whats wrong with your setup. IIRC when you have
> > more than PLAIN in your mechlist, sieveshell can not use PLAIN. This
> > only works with cyradm by now.
> >
> > - Can you use pop-3 with user keith ?
> > - what do you get when telnet mailhost 2000 ?
> >
> > This is what works for me here:
> >
> > [root@dhcp-141-104 root]# cat /etc/imapd.conf
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus
> > allowanonymouslogin: no
> > sieveuserhomedir: no
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN
> > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> >
> > [root@dhcp-141-104 root]# cat /etc/pam.d/sieve
> > #%PAM-1.0
> > auth required /lib/security/pam_stack.so service=system-auth
> > account required /lib/security/pam_stack.so service=system-auth
> >
> > [root@dhcp-141-104 root]# telnet localhost 2000
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > "IMPLEMENTATION" "Cyrus timsieved v1.1.0"
> > "SASL" "PLAIN"
> > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> > regex"
> > "STARTTLS"
> > OK
> > logout
> > Ok "Logout Complete"
> > Connection closed by foreign host.
> >
> > [root@dhcp-141-104 root]# sieveshell --user=simix --authname=simix
> > localhost
> > connecting to localhost
> > Please enter your password:
> > > quit
> >
> > [/var/log/messages]
> > Feb 26 15:21:20 dhcp-141-104 timsieved[12244]: login:
> > localhost.localdomain[127.0.0.1] simix PLAIN User logged in
> >
> > Anything more you want to know?
> >
> > -Simon
> >
> > Keith Kee schrieb:
> > >
> > > Simon,
> > > I tried add the entry in pam.conf and it is still not
> > working. I think
> > > something else is wrong. Syslog register such an entry when I issue the
> > > command, /usr/local/bin/sieveshell --user=keith
> > --authname=keith mailhost.
> > >
> > > Feb 26 07:29:58 bragi timsieved[2817]: [ID 656617
> > local6.notice] badlogin:
> > > localhost[127.0.0.1] PLAIN invalid parameter supplied.
> > >
> > > Thanks,
> > > keith
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > > > Behalf Of Simon Matter
> > > > Sent: Tuesday, February 26, 2002 2:38 AM
> > > > To: Keith Kee
> > > > Cc: Ken Murchison; Cyrus Info
> > > > Subject: Re: sieveshell authentication failed on Solaris
> > > >
> > > >
> > > > As you mentioned you have started saslauthd to use PAM. Therefore you
> > > > need to have the different configs in PAM. If timsieved needs
> > > > authentication, it sends the request to saslauthd with service sieve,
> > > > saslauthd send the auth request to PAM with service sieve. That's why
> > > > you need a sieve config in PAM.
> > > >
> > > > -Simon
> > > >
> > > > Keith Kee schrieb:
> > > > >
> > > > > I don't quite understand why I should bother about pam.conf if the
> > > > > pwcheck_method is saslauthd? Should all the authentications are
> > > > done through
> > > > > saslauthd for imapd, popd, and timsieved? Here is my
> > /etc/imapd.conf:
> > > > >
> > > > > configdirectory: /ext/imap/config
> > > > > partition-default: /ext/imap/mailboxes
> > > > > servername: bragi.netsco.com
> > > > > admins: root cyrus
> > > > > sasl_pwcheck_method: saslauthd
> > > > > allowplaintext: yes
> > > > > allowanonymouslogin: no
> > > > > autocreatequota: 20
> > > > > sendmail: /usr/lib/sendmail
> > > > > timeout: 30
> > > > > imapidlepoll: 60
> > > > > impaidreponse: yes
> > > > > umask: 077
> > > > > sieveuserhomedir: false
> > > > > sievedir: /ext/imap/sieve
> > > > > sasl_auto_transition: yes
> > > > > postuser: bb
> > > > > lmtpsocket: /var/cyrus/socket/lmtp
> > > > > idlesocket: /var/cyrus/socket/idle
> > > > > dracinterval: 30
> > > > > drachost: localhost
> > > > > altnamespace: yes
> > > > > userprefix: Other Users
> > > > > sharedprefix: Shared Folders
> > > > > logtimestamps: yes
> > > > > sasl_mech_list: plain
> > > > > sasl_sasldb_path: /etc/sasldb2
> > > > >
> > > > > Running sieveshell returns authentication error with not
> > much detailed
> > > > > information:
> > > > > bash-2.03# /usr/local/bin/sieveshell --user=keith
> > > > --authname=keith mailhost
> > > > > connecting to mailhost
> > > > > Please enter your password:
> > > > > unable to connect to server: Authentication Error at
> > > > > /usr/local/bin/sieveshell line 172, <STDIN> chunk 1.
> > > > >
> > > > > peeking in /var/adm/messages shows:
> > > > > Feb 25 23:48:45 bragi timsieved[1459]: [ID 702911
> > auth.notice] Password
> > > > > verification failed
> > > > >
> > > > > and /var/log/imapd.log shows:
> > > > > Feb 25 23:46:49 bragi master[1434]: [ID 392559 local6.debug]
> > > > about to exec
> > > > > /usr/
> > > > > local/cyrus/bin/timsieved
> > > > > Feb 25 23:46:49 bragi sieve[1434]: [ID 518349 local6.debug] executed
> > > > > Feb 25 23:46:49 bragi sieve[1434]: [ID 921384 local6.debug] accepted
> > > > > connection
> > > > > Feb 25 23:46:52 bragi timsieved[1434]: [ID 656617
> > > > local6.notice] badlogin:
> > > > > local
> > > > > host[127.0.0.1] PLAIN authentication failure
> > > > > Feb 25 23:46:52 bragi master[1365]: [ID 310780 local6.debug]
> > > > process 1434
> > > > > exited
> > > > > , status 75
> > > > >
> > > > > Thanks
> > > > > keith
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Ken Murchison [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: Monday, February 25, 2002 8:24 PM
> > > > > > To: Keith Kee
> > > > > > Cc: Cyrus Info
> > > > > > Subject: Re: sieveshell authentication failed on Solaris
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Keith Kee wrote:
> > > > > > >
> > > > > > > Hi:
> > > > > > > I am running cyrus-imap 2.1.2 and cyrus-sasl 2.1.1 on
> > > > > > Solaris 8, and I am
> > > > > > > having problem getting timsieved to authenticate right.
> > > > Following the
> > > > > > > instructions written in "installing sieve" in the docs
> > > > included with the
> > > > > > > source, I should be able to check my login to timsieved using
> > > > > > > sieveshell --user=keith --authname=keith localhost. However, I
> > > > > > am getting an
> > > > > > > error: unable to connect to server: Authentication Error at
> > > > > > > /usr/local/bin/sieveshell line 172, <STDIN> chunk 1.
> > > > > > >
> > > > > > > I am using saslauthd as my pwcheck_method, and started
> > > > > > saslauthd -a pam.
> > > > > > > I was able to login to the imap server but not the
> > > > timsieved. Reading
> > > > > > > through the posting in this mailing list archive, there was
> > > > some mention
> > > > > > > about having to copying pam.d/imap to pam.d/timsieved. I
> > > > believe this
> > > > > > > applies to linux only? I don't find a pamd.d directory
> > in Solaris 8.
> > > > > > > Besides, I did not edit pam.conf file to make imap server
> > > > authenticate
> > > > > > > correctly. Also, I have sasl_mech_list set to plain in
> > > > /etc/imapd.conf.
> > > > > >
> > > > > > Whether you have one big pam.conf or separate files under
> > pam.d, you
> > > > > > need to have a 'sieve' config which can be a copy of your
> > 'imap' or
> > > > > > 'pop' config.
> > > > > >
> > > > > > Ken
> > > > > > --
> > > > > > Kenneth Murchison Oceana Matrix Ltd.
> > > > > > Software Engineer 21 Princeton Place
> > > > > > 716-662-8973 x26 Orchard Park, NY 14127
> > > > > > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
