I'm having an issue with cyrus-imapd with regards to authentication - I believe that cyradm is using DIGEST-MD5 for authentication which I don't want to use: I just want to use the shadow password file with saslauthd for now so I can test a few things then worry about that later.
Excerpts from relevant logs / output of commands:
[EMAIL PROTECTED] root]# cyradm -u cyrus localhost
Password:
Segmentation fault
------------------------------------------------
Dec 10 09:25:32 Seymour imap[25578]: badlogin: Seymour [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
------------------------------------------------
Dec 10 09:25:30 Seymour imap[25578]: DIGEST-MD5 server step 1
Dec 10 09:25:30 Seymour perl: DIGEST-MD5 client step 2
Dec 10 09:25:32 Seymour imap[25578]: DIGEST-MD5 server step 2
Dec 10 09:25:32 Seymour imap[25578]: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 10 09:25:32 Seymour imap[25578]: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 10 09:25:32 Seymour imap[25578]: no secret in database
----------------------------------------------
[EMAIL PROTECTED] root]# more /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: root cyrus
sasl_pwcheck_method: saslauthd
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
---------------------------------------------
[EMAIL PROTECTED] root]# imtest -t "" localhost
S: * OK Seymour Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN cm9vdAByb290ADEyMzQ1Ng==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
-------------------------------------------------
[EMAIL PROTECTED] root]# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Seymour Cyrus POP3 v2.2.10 server ready <[EMAIL PROTECTED]>
^]
telnet> q
Connection closed.
--------------------------------------------------
I compiled cyrus-sasl (as per the instructions) with support for berkeley DB and I'm wondering if this is the cause of the problem? It appears as though the system is attempting to use that for authentication. I've tried changing the setting sasl_pwcheck_method from saslauthd to shadow in /etc/imapd.conf (and restart master) however that doesn't appear to change the error message.
Any help appreciated.
Thanks,
Justin
