Why is SASL authentication have to be so difficult? Round 2

[Robert Lubbers]

I am still working on getting this IMAP server authenticating against my 
Windows domain PDC, and I did manage to get the POP server 
authenticating, which is a giant step forward.  But both the IMAP 
component and the cyradm component are complaining:  They both give me 
the same error message:

cyrus-server>telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK cyrus.domain.com Cyrus IMAP4 v2.2.9 server ready
. login cyrususer  secret
. NO Login failed: can't request info until later in exchange
. logout
* BYE LOGOUT received
. OK Completed
whereas the POP3 server doesn't complain at all:
cyrus-server> telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK cyrus-server.domain.com Cyrus POP3 v2.2.9 server ready 
<[EMAIL PROTECTED]>
user cyrususer
+OK Name is a valid mailbox
pass intisol
+OK Mailbox locked and ready

The wild thing is that the /var/log/secure fuile shows a valid 
authentication for either one:

For POP3
Dec  6 10:59:51 cyrus-server saslauthd[1841]: rel_accept_lock : released 
accept lock
Dec  6 10:59:51 cyrus-server saslauthd[1842]: get_accept_lock : acquired 
accept lock
Dec  6 10:59:51 cyrus-server pam_winbind[1841]: user 'cyrususer' granted 
acces
Dec  6 10:59:51 cyrus-server pam_winbind[1841]: user 'cyrususer' granted 
acces
Dec  6 10:59:51 cyrus-server saslauthd[1841]: do_auth         : auth 
success: [user=cyrususer] [service=pop] [realm=] [mech=pam]
Dec  6 10:59:51 cyrus-server saslauthd[1841]: do_request      : response: 0

Whereas for IMAP:
Dec  6 11:03:24 cyrus-server saslauthd[1842]: rel_accept_lock : released 
accept lock
Dec  6 11:03:24 cyrus-server saslauthd[1837]: get_accept_lock : acquired 
accept lock
Dec  6 11:03:24 cyrus-server pam_winbind[1842]: user 'cyrususer' granted 
acces
Dec  6 11:03:24 cyrus-server pam_winbind[1842]: user 'cyrususer' granted 
acces
Dec  6 11:03:24 cyrus-server saslauthd[1842]: do_auth         : auth 
success: [user=cyrususer] [service=imap] [realm=] [mech=pam]
Dec  6 11:03:24 cyrus-server saslauthd[1842]: do_request      : 
response: OK'

See?  No difference.
For cyradm:
cyrus-server>cyradm --user  cyrusadmin --auth login localhost
IMAP Password:
Login failed: can't request info until later in exchange at 
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm 
line 118
cyradm: cannot authenticate to server with login as cyrus

Yet this is a user that exists in /etc/sasldb2:
cyrus-server> sasldblistusers2
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: cmusaslsecretOTP
[EMAIL PROTECTED]: cmusaslsecretOTP
Just for the sake of completeness, here is the contents of my 
/usr/local/lib/sasl directory:

cyrus-server> ls -l /usr/local/lib/sasl2
total 600
-rwxr-xr-x    1 root     root          711 Dec  6 10:02 libanonymous.la
lrwxrwxrwx    1 root     root           22 Dec  6 10:02 libanonymous.so 
-> libanonymous.so.2.0.20
lrwxrwxrwx    1 root     root           22 Dec  6 10:02 
libanonymous.so.2 -> libanonymous.so.2.0.20
-rwxr-xr-x    1 root     root        89354 Dec  6 10:02 
libanonymous.so.2.0.20
-rwxr-xr-x    1 root     root          695 Dec  6 10:02 liblogin.la
lrwxrwxrwx    1 root     root           18 Dec  6 10:02 liblogin.so -> 
liblogin.so.2.0.20
lrwxrwxrwx    1 root     root           18 Dec  6 10:02 liblogin.so.2 -> 
liblogin.so.2.0.20
-rwxr-xr-x    1 root     root        88558 Dec  6 10:02 liblogin.so.2.0.20
-rwxr-xr-x    1 root     root          684 Dec  6 10:02 libotp.la
lrwxrwxrwx    1 root     root           16 Dec  6 10:02 libotp.so -> 
libotp.so.2.0.20
lrwxrwxrwx    1 root     root           16 Dec  6 10:02 libotp.so.2 -> 
libotp.so.2.0.20
-rwxr-xr-x    1 root     root       155138 Dec  6 10:02 libotp.so.2.0.20
-rwxr-xr-x    1 root     root          695 Dec  6 10:02 libplain.la
lrwxrwxrwx    1 root     root           18 Dec  6 10:02 libplain.so -> 
libplain.so.2.0.20
lrwxrwxrwx    1 root     root           18 Dec  6 10:02 libplain.so.2 -> 
libplain.so.2.0.20
-rwxr-xr-x    1 root     root        88316 Dec  6 10:02 libplain.so.2.0.20
-rwxr-xr-x    1 root     root          716 Dec  6 10:02 libsasldb.la
lrwxrwxrwx    1 root     root           19 Dec  6 10:02 libsasldb.so -> 
libsasldb.so.2.0.20
lrwxrwxrwx    1 root     root           19 Dec  6 10:02 libsasldb.so.2 
-> libsasldb.so.2.0.20
-rwxr-xr-x    1 root     root       145666 Dec  6 10:02 libsasldb.so.2.0.20

I have a sym link from /usr/local/lib/sals2 to /usr/local/lib/sasl, 
/usr/lib/sasl2, and /usr/lib/sasl.

Here is my /etc/imapd.conf:
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: noctest admin
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername:  cyrus-server.domain.com
autocreatequota: 40000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
ievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem




---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html