-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi Georg
>>>>login with [EMAIL PROTECTED]
>
> this is the part I was talking about. If you have virtdomains: yes,
> imapd adds a realm to all usernames without realm, so on my server the
> real username used with sasl is [EMAIL PROTECTED], which I
> have in my user database, so I can log in.
i've been googling the lists abt realms.
let's just say their use/implementation is *not* very clear to me :-/
AND, apparently, quite a few others have issues/questions as well ...
>>
>>ok. mine is:
>>
>>imtest -t "" -p imap -m plain -a my.admin -u [EMAIL PROTECTED] 127.0.0.1
>>login: localhost [127.0.0.1] testuser PLAIN+TLS
>
>
> I think your imapd will try to use a username like this:
> [EMAIL PROTECTED] to log in. hmm, have you set
> defaultdomain?
yes.
ok. fwiw,
imapd.conf:
...
virtdomains: on
defaultdomain: testdomain.com
servername: mail.openexec.com
...
and,
sasldblistusers2 -f USERS/sasldb2
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword
you are correct, imtest is logging in using the "-a" auth credential, i.e.
[EMAIL PROTECTED]
just to test, trying:
imtest -t "" -p imap -m plain -a my.admin -u [EMAIL PROTECTED] 127.0.0.1
also 'works',
>>login: localhost [127.0.0.1] ABCD PLAIN+TLS
even though "[EMAIL PROTECTED]" neither exists in sasldb2, nor has had a
mailbox created.
AND,
imtest -t "" -p imap -m plain -a XXXX.admin -u [EMAIL PROTECTED]
127.0.0.1
fails login,
DMCYRUS/imaplocal[18263]: Password verification failed
DMCYRUS/imaplocal[18263]: badlogin: localhost [127.0.0.1] PLAIN
[SASL(-13): user not found:
Password verification failed]
this *is* how i understand the operation ... you can 'log in' as any user, as
long as the auth
credential (-a ...) is valid. when it's NOT valid, no login.
so, when i login "from localhost on the localhost interface", all seems OK.
> Here the strange thing is that the servername part is cut off, so I
> cannot login like this. Same like you.
>
> What I don't understand is how imapd constructs the the realm. I asked
> on this list four days ago (cyrus sasl realm problem), but I still don't
> understand it really :(
>
> that's what I received from Brad Crotchett:
> ...
ok.
when i login "from localhost on the EXTERNAL interface"
imtest -t "" -p imap -m plain -a my.admin -u [EMAIL PROTECTED]
mail.testdomain.com
i get a login FAILure:
DMCYRUS/imap[18339]: Password verification failed
DMCYRUS/imap[18339]: badlogin: sv2.testdomain.com [10.0.0.5] PLAIN
[SASL(-13): user not found:
Password verification failed]
AND, when i login "from external on the external interface",
imtest -t "" -p imap -m plain -a my.admin -u [EMAIL PROTECTED]
mail.testdomain.com
i *still* get a failed login:
DMCYRUS/imap[18337]: Password verification failed
DMCYRUS/imap[18337]: badlogin: pb1.testdomain.com [10.0.0.7] PLAIN
[SASL(-13): user not found:
Password verification failed]
so, my current 'bottom line' is:
imtest:
from localhost [127.0.0.1] on the localhost [127.0.0.1] interface -->
OK
from localhost [127.0.0.1] on the external [10.0.0.5] interface -->
FAIL
from external [10.0.0.7] on the external [10.0.0.5] interface -->
FAIL
> On my system I can login from localhost on the localhost interface, and
> from external on the external interface. I can live with that, although
> I would like to understand what's happening.
unfortunately i can NOT live with that :-{
argh.
richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
iEYEAREDAAYFAkNGrbQACgkQGnqMy4gvZ6FniQCcCRW4rT5vNj6nCZkGJZg1cfYc
toAAn1aZSJryIdrPRjxVaivQWbA66TLi
=8gfe
-----END PGP SIGNATURE-----
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
