2010/7/2 D G Teed <donald.t...@gmail.com> > > > Subject: Authentication problems since Redhat 5.5 updates >> >> We had a nice trouble free cyrus running until it was updated >> with updates from Redhat today. >> >> I've tested with testsaslauthd (no service name given) and it works OK, >> so I'd think things are fine on the pam, AD and ldap end. >> >> In the cyrus server's maillog I'm seeing messages like this >> from attempts to connect from the remote webmail: >> >> Jul 2 13:54:22 navi imap[4073]: badlogin: >> webmail.example.com[XXX.YYY.ZZZ.111] CRAM-MD5 [SASL(-13): user not found: no >> secret in >> database] >> >> Logins from some other IMAP, like my thunderbird, using a secure IMAP >> port, work OK. >> >> cyradm can connect, but scripts we have, using IMAP::Admin have stopped >> working. >> >> # cyrsetquota dteed 100 >> IMAP::Admin [ initialize ]: try NO Login failed: authentication failure >> >> This is cyrus 2.3.7 from Redhat, identifying as: >> >> name : Cyrus IMAPD >> version : v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 2006/07/10 13:46:20 >> vendor : Project Cyrus >> support-url: http://asg.web.cmu.edu/cyrus >> os : Linux >> os-version : 2.6.18-194.8.1.el5 >> environment: Built w/Cyrus SASL 2.1.22 >> Running w/Cyrus SASL 2.1.22 >> Built w/Sleepycat Software: Berkeley DB 4.3.29: (February 19, >> 2009) >> Running w/Sleepycat Software: Berkeley DB 4.3.29: (February >> 19, 2009) >> Built w/OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 >> Running w/OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 >> CMU Sieve 2.3 >> TCP Wrappers >> NET-SNMP >> mmap = shared >> lock = fcntl >> nonblock = fcntl >> idle = idled >> >> These packages were updated by Redhat related to sasl: >> >> Jul 02 10:36:41 Updated: cyrus-sasl-lib-2.1.22-5.el5_4.3.i386 >> Jul 02 10:37:11 Updated: cyrus-sasl-plain-2.1.22-5.el5_4.3.i386 >> Jul 02 10:37:44 Installed: cyrus-sasl-md5-2.1.22-5.el5_4.3.i386 >> Jul 02 10:38:01 Updated: cyrus-sasl-2.1.22-5.el5_4.3.i386 >> >> I tried removing cyrus-sasl-md5 and restarting saslauthd but it did not >> help. >> >> There has to be something silly getting in the way but what? >> >> --Donald >> >
I have things working again. I had disabled Unix authentication in pam temporarily to try troubleshooting with my account. That had the side effect of disabling the cyrus user from authentication. So that explains the scripts using IMAP::Admin breaking. I also removed the package cyrus-sasl-md5 and I believe this has an impact on the issue I was facing with "CRAM-MD5". Any tips on how to co-exist with that package are welcomed. --Donald
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
