Hello,
I submit my question a second time since do not find the problem. I suppose it to be something simple which could easily be overlooked. Maybe it is related with the virtual-domains, but I checked the manual/Howto/faq various times. I also though about something that has to do with permissions / access-rights ?
Any suggestion would be highly appreciated.
Problem is: I can not authenticate imap/pop-users using auxprop and /etc/sasldb2
On the same machine runs postfix and authentication via TLS and SASL/auxprop works fine. So I can send mails but can not retrieve mails via pop/imap.
When trying to do so, /var/log/messages reads like below when trying to authenticate via login & tls
Aug 2 00:00:23 master master[23882]: about to exec /usr/lib/cyrus/bin/pop3d
Aug 2 00:00:23 master pop3[23882]: executed
Aug 2 00:00:23 master pop3[23882]: accepted connection
Aug 2 00:00:23 master pop3[23882]: TLS server engine: cannot load CA data
Aug 2 00:00:23 master pop3[23882]: TLS server engine: No CA file specified. Client side certs may not work
Aug 2 00:00:23 master pop3[23882]: mystore: starting txn 2147483650
Aug 2 00:00:23 master pop3[23882]: mystore: committing txn 2147483650
Aug 2 00:00:23 master pop3[23882]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Aug 2 00:00:26 master pop3[23882]: badlogin: [212.166.101.83] LOGIN user not found
or else via plaintext & tls
Aug 2 00:12:49 master master[23899]: about to exec /usr/lib/cyrus/bin/pop3d
Aug 2 00:12:49 master pop3[23899]: executed
Aug 2 00:12:49 master pop3[23899]: accepted connection
Aug 2 00:12:49 master pop3[23899]: TLS server engine: cannot load CA data
Aug 2 00:12:49 master pop3[23899]: TLS server engine: No CA file specified. Client side certs may not work
Aug 2 00:12:50 master pop3[23899]: mystore: starting txn 2147483658
Aug 2 00:12:50 master pop3[23899]: mystore: committing txn 2147483658
Aug 2 00:12:50 master pop3[23899]: starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
Aug 2 00:12:50 master pop3[23899]: badlogin: [212.166.101.83] plaintext nospam SASL(-13): user not found: checkpass failed
I run cyrus-imapd-2.2.3 on SuSE Linux 9.1. There is a whole lot of other cyrus / sasl rpm's installed:
cyrus-sasl-2.1.18-29 cyrus-imapd-2.2.3-79 cyrus-sasl-crammd5-2.1.18-29 cyrus-sasl-digestmd5-2.1.18-29 cyrus-sasl-otp-2.1.18-29 cyrus-sasl-devel-2.1.18-29 cyrus-sasl-gssapi-2.1.18-29 cyrus-sasl-plain-2.1.18-29
The user in question is listed with sasldblistusers2 (and works when sending mails).
/etc/imapd.conf reads like: <...> sasl_pwcheck_method: auxprop sasl_mech_list: login plain allowplaintext: yes virtdomains: yes defaultdomain: koordinaten.at tls_cert_file: /var/lib/imap/server.pem tls_key_file: /var/lib/imap/server.pem <...>
# ls -l /etc/sasldb2 -rw-r----- 1 cyrus mail 12288 Jul 28 00:11 /etc/sasldb2
master:~ # sasldblistusers2 [EMAIL PROTECTED]: userPassword [EMAIL PROTECTED]: userPassword [EMAIL PROTECTED]: userPassword master:~ # master:~ # cyradm localhost IMAP Password: localhost> lm user.nospam (\HasNoChildren)
I test using Opera 7.23 with the following configuration: Server: POP (port: 110) enable TLS: yes username: nospam%markom.at (also tried [EMAIL PROTECTED] - same result) Authentication: AUTH LOGIN (also tried "plaintext" - same result)
When updating passwords with saslpasswd2 there is a strange message in /var/log/messages (although the user is created and/or password changed):
Aug 3 21:55:55 master saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
I could not find any useful explanation to that message - it still feels harmless to me (?)
/etc/cyrus.conf:
imap cmd="imapd" listen="imap" prefork=0 # imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 # pop3s cmd="pop3d -s" listen="pop3s" prefork=0 # sieve cmd="timsieved" listen="sieve" prefork=0
saslauthd ist not running (and should not be necessary according to FAQ ?)
I suppose that in some way the authentication mechanism is not ok or not supported - but I an't figure out any details about - and may also be completely misdirected.
So if anyone coud give me a clue, it would be most appreciated (as likewise any hint on how to make imapd more verbous for debugging).
thanks & regards
Peter --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
