Hey everyone. I'm trying to set up a replacement server, moving from 2.0.17 to 2.2.6.
The new machine is running FreeBSD 5.2.1 with the following (installed from ports):

cyrus-imapd-2.2.6
cyrus-sasl-2.1.18_1
cyrus-sasl-saslauthd-2.1.18_2

The problem is that I am suddenly having a bear of a time getting authentication to work consistently. The current server running 2.0.17 answers plaintext on imap and imaps ports (143 and 993) and answers CRAM-MD5 as well. Problem is that Mutt and gkrellm work with CRAM-MD5 on SSL, and Netscape will only run plaintext on SSL. It appears that I still need to allow port 143 traffic because cyradm requires it, but I've no problem firewalling that off from the outside.

Regardless, I'd really like to get CRAM-MD5 and plaintext over SSL (993) working for the same userid. It seems that now that I've logged in with plaintext, I can't do it with CRAM-MD5, because I keep getting this when I try:

Jul 6 23:55:58 key2 imaps[6597]: starttls: SSLv2 with cipher DES-CBC3-MD5 (168/168 bits new) no authentication
Jul 6 23:55:58 key2 imaps[6597]: Could not open db
Jul 6 23:55:58 key2 imaps[6597]: Could not open db
Jul 6 23:55:58 key2 imaps[6597]: no secret in database
Jul 6 23:55:58 key2 imaps[6597]: badlogin: key2.keyslapper.org [10.8.20.7] CRAM-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]

I still haven't figured out what database(s) imaps is trying to open, but I don't understand the last message either. When I go back to plaintext authentication, I get the following:

Jul 6 23:57:36 key2 imaps[6598]: starttls: SSLv2 with cipher DES-CBC3-MD5 (168/168 bits new) no authentication
Jul 6 23:57:36 key2 imaps[6598]: transitioning user leblanc to auxprop database
Jul 6 23:57:36 key2 imaps[6598]: SASL error opening password file. Do you have write permissions?
Jul 6 23:57:36 key2 imaps[6598]: Could not open db for write
Jul 6 23:57:36 key2 imaps[6598]: setpass succeeded for leblanc
Jul 6 23:57:36 key2 imaps[6598]: login: key2.keyslapper.org [10.8.20.7] leblanc plaintext+TLS User logged in

So that works fine, but it still has problems opening a database. imapd is running as cyrus, but saslauthd is running as root. The sasldb2.db file is owned by root:wheel, and is set with no group access. Do I need to make the file group writeable? I thought the saslauthd process did the actual checking? And what is meant by "setpass succeeded"?

This whole thing is driving me nuts. Personally, I'd just as soon have one single authentication point. Because of the way mail is filtered prior to delivery to the imap mailbox, every user (all of about 4 ids) will have a unix login anyway, but is it even possible to get CRAM-MD5 authentication using pwcheck in the backend?

This system will be running samba, which has its own authentication mechanism, but at least that can be tied to the /etc/passwd database. Is there any way to tie imap authentication (with CRAM-MD5) to it as well?

Thanks in advance.
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Fifth Law of Procrastination:
Procrastination avoids boredom; one never has the feeling that there is nothing important to do.

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
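
The following is an added example, not part of the original post: it groups the imaps log lines quoted above by process id to show which mechanism each session used and whether a database open error accompanied it, and it evaluates the classic Unix owner/group/other permission check that applies when a non-root process such as imapd opens a file like sasldb2.db. The function names `triage` and `can_open` are hypothetical, and the file mode and numeric ids in the demo are constructed values, not taken from the post.

```python
import re

# Log lines copied from the post above (syslog format, imaps service).
SAMPLE_LOG = """\
Jul 6 23:55:58 key2 imaps[6597]: Could not open db
Jul 6 23:55:58 key2 imaps[6597]: no secret in database
Jul 6 23:55:58 key2 imaps[6597]: badlogin: key2.keyslapper.org [10.8.20.7] CRAM-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
Jul 6 23:57:36 key2 imaps[6598]: Could not open db for write
Jul 6 23:57:36 key2 imaps[6598]: login: key2.keyslapper.org [10.8.20.7] leblanc plaintext+TLS User logged in
"""

LINE = re.compile(r"imaps\[(\d+)\]: (.*)$")

def triage(log_text):
    """Group messages by imaps pid; report outcome, mechanism, db errors."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions.setdefault(pid, {"outcome": None, "mech": None, "db_errors": 0})
        if msg.startswith("Could not open db"):
            s["db_errors"] += 1
        elif msg.startswith("badlogin: "):
            # badlogin: <host> [<ip>] <mech> [<sasl error>]
            s["outcome"], s["mech"] = "badlogin", msg.split()[3]
        elif msg.startswith("login: "):
            # login: <host> [<ip>] <user> <mech> <text>
            s["outcome"], s["mech"] = "login", msg.split()[4]
    return sessions

def can_open(mode, owner_uid, owner_gid, uid, gids, write=False):
    """Classic Unix permission check for a non-root process (ACLs ignored)."""
    want = 0o2 if write else 0o4
    if uid == owner_uid:
        return bool((mode >> 6) & want)
    if owner_gid in gids:
        return bool((mode >> 3) & want)
    return bool(mode & want)

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info)
    # Constructed values: mode 0600 owned by uid 0/gid 0, process uid/gid 60.
    print("can read:", can_open(0o600, 0, 0, 60, {60}))
```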