Ken Murchison wrote:

> When you authenticate, you need to use a SASL mech which supports
> proxying.  Look at doc/mechanisms.html in the SASL distro for a complete
> list.  In your case, you should be able to use at least PLAIN (you can
> use others if using OpenLDAP 2.2's auxprop plugin).  Here's how you'd
> authenticate as 'cyrus' and login as 'test' using imtest and cyradm:

I'm using saslauthd (readme.html says that PLAIN uses saslauthd), mechanisms.html says that PLAIN can proxy, and I have in my imapd.conf:


sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN


but



> imtest -a cyrus -u test -m plain localhost

tells me that plain is not available:


$ imtest -a cyrus -u luca -m plain localhost
S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0


While I see this message in the logs:

PLAIN [SASL(-4): no mechanism available: security flags do not match required]


The plain plugin *is* installed (in fact I couldn't login to sieve without it):


$ telnet localhost sieve
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.12-Mandrake-RPM-2.1.12-1mdk"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"
"STARTTLS"
OK




Note that if I omit the "-m plain" it will log me in as user cyrus (so no proxy):

$ imtest -a cyrus -u luca localhost
S: * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {7}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0



> cyradm --user cyrus --authz test --auth plain localhost

Will log me in as user cyrus (no proxy) (I gave the same password for user cyrus to both prompts):


$ cyradm --user cyrus --authz luca --auth plain localhost
Password:
IMAP Password:
localhost.localdomain> lm INBOX
localhost.localdomain> lm user.luca
user.luca (\HasChildren)
localhost.localdomain>



Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004      Fax +34 93 5883007
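
Added example, not part of the original message and not Cyrus or imtest code: it parses the CAPABILITY line from the transcript above to list the SASL mechanisms the server advertises, and builds the SASL PLAIN message (RFC 4616) to show where the authorization identity travels, a field the IMAP LOGIN command in the second transcript does not have. The password and the helper names are constructed for illustration.

```python
import base64

# CAPABILITY response copied from the imtest transcript in the message above.
CAPABILITY = ("* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
              "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
              "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT "
              "LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE")

def parse_capability(line):
    """Return (capability set, sorted SASL mechanisms advertised as AUTH=...)."""
    tokens = line.split()
    if tokens[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY response")
    caps = {t.upper() for t in tokens[2:]}
    mechs = sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH="))
    return caps, mechs

def plain_initial_response(authcid, password, authzid=""):
    """RFC 4616 message: [authzid] NUL authcid NUL passwd, base64-encoded for IMAP."""
    if not authcid or not password:
        raise ValueError("authcid and password are required")
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64):
    """Server-side view: split the message into (authzid, authcid, passwd)."""
    parts = base64.b64decode(b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must have exactly three fields")
    return tuple(p.decode("utf-8") for p in parts)

def is_proxy_request(b64):
    """True when the client asks to act as a user other than the one authenticating."""
    authzid, authcid, _ = decode_plain(b64)
    return bool(authzid) and authzid != authcid

if __name__ == "__main__":
    caps, mechs = parse_capability(CAPABILITY)
    print("advertised SASL mechanisms:", mechs or "none")
    print("STARTTLS offered:", "STARTTLS" in caps)
    msg = plain_initial_response("cyrus", "constructed-pw", authzid="luca")
    print("PLAIN fields:", decode_plain(msg), "proxy:", is_proxy_request(msg))
```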


