I've had this problem as well..but with IMAP (never checked sieve)..
The issue is cyrus imap checks the domain and if it is not the "Default"
domain or listed in the loginrealms: config line in /etc/imapd.conf.
However, the check seems to only occur when using a sasl mech other than
login with IMAP.. As sieve uses sasl as well this is where the problem
is.. (now that you are totally confused..)
I've attached the patch I created to fix the issue with IMAPd.
Basically put loginrealms: * in /etc/imapd.conf and it'll all work..
otherwise you will have to put every domain on your server in
loginrealms.. (see man imapd.conf)
On Sun, 2003-08-31 at 00:30, Daniel Lawson wrote:
> I have a virtual domain system set up under Debian Woody with exim, ldap
> as an auth backend, and cyrus 2.1.15 (backported to Woody). I am using
> althierarchy and unixsep. Saslauthd is configured to use PAM as an
> authentication mechanism.
>
> Mailboxes are created with the name "[EMAIL PROTECTED]". Delivery and
> retrieval works perfectly.
>
> However, I cannot log in to timsieved with usernames in this format. The
> standard mail logs only show failed login style messages.
>
> My authentication log has the following (edited) snippet:
>
> Aug 31 17:16:18 server cyrus/timsieved[20862]: can't access srvtab file
> /etc/srvtab: No such file or directory
> Aug 31 17:16:18 server cyrus/timsieved[20862]: server add_plugin
> entry_point error generic failure
> Aug 31 17:16:18 server cyrus/timsieved[20862]: _sasl_plugin_load failed
> on sasl_server_plug_init for plugin: kerberos4
> Aug 31 17:16:18 server cyrus/timsieved[20862]: cross-realm login
> [EMAIL PROTECTED] denied
>
> The first three lines appear to occur every time someone logs in, so I
> dont think this is relevant. The last one seems to be the relevant one -
> 'cross-realm login ...'
>
> Adding 'domain.net.nz' to the 'loginrealms' parameter in imapd.conf
> allows this user to login via sieve.
>
> I'd rather not have to add every domain to this field if I can at all
> help it. I'll confess that I know very little about SASL, however it
> bothers me that it acts differently when used from Sieve (ie, wont allow
> logins) but both the IMAP and POP daemons allow logins fine.
>
> Is there something about Sieve which means I cannot use "@" in usernames
> at all? Am i missing an obvious configuration option somewhere? :/
> Anyone have any thoughts on how to fix this?
>
> Daniel
>
>
--
Edward Rudd <[EMAIL PROTECTED]>
Home Page <http://urkle.drip.ws/>
--- imap/imapd.c.orig Wed Jul 9 23:51:18 2003
+++ imap/imapd.c Thu Jul 10 00:21:15 2003
@@ -308,8 +308,9 @@
realm++;
val = config_getstring("loginrealms", "");
while (*val) {
- if (!strncasecmp(val, realm, strlen(realm)) &&
- (!val[strlen(realm)] || isspace((int) val[strlen(realm)]))) {
+ if ((!strncasecmp(val, realm, strlen(realm)) &&
+ (!val[strlen(realm)] || isspace((int) val[strlen(realm)])))
+ || (val[0]=='*')) {
break;
}
/* not this realm, try next one */
--- imap/config.c.orig Mon Apr 14 15:31:36 2003
+++ imap/config.c Sun Aug 31 03:49:24 2003
@@ -481,8 +481,9 @@
realm++;
val = config_getstring("loginrealms", "");
while (*val) {
- if (!strncasecmp(val, realm, strlen(realm)) &&
- (!val[strlen(realm)] || isspace((int) val[strlen(realm)]))) {
+ if ((!strncasecmp(val, realm, strlen(realm)) &&
+ (!val[strlen(realm)] || isspace((int) val[strlen(realm)])))
+ || (val[0]=='*')) {
break;
}
/* not this realm, try next one */
