Re: pam+cyrus failed to authenticate

Tue, 16 Nov 2004 00:37:56 -0800 

Simon Matter wrote:

Hi,

I got cyrus-imap2.2 and cyrus-sasl2.1.20 with saslauthd2 compiled in
FreeBSD 5.3.
I can successfully login with the following cyradm command:
# cyradm -u cyrus --server gateway.mydom.com --auth plain
Password:
IMAP Password:
           gateway.mydom.com>
The log corresponding to the above cyradm command is:

Nov 16 06:06:43 gateway imap[73636]: badlogin: gateway.mydom.com
[192.168.4.88] PLAIN [SASL(-16): encryption needed to use mechanism:
security flags do not match required]
Nov 16 06:06:46 gateway perl: No worthy mechs found
Nov 16 06:06:50 gateway imap[73636]: login: gateway.mydom.com
[192.168.4.88] cyrus plaintext User logged in

I can see there is some problem here eventhought cyradm login
successfully, but the second log message indicated that cyrus is logged
in.
Then, I also added [EMAIL PROTECTED] user account using the cyradm admin
shell.

I further test the cyrus server by adding [EMAIL PROTECTED] to the
imap.password file:
pwadd -a [EMAIL PROTECTED]



I'm not sure this will work. IIRC with pam the you have to use 'saslauth
-r' to make it not remove everything behind @.


Thanks, it works from external mail client (mozilla).
The log msg is:
Nov 16 07:32:06 gateway imap[73957]: login: [192.168.4.235] [EMAIL PROTECTED] plaintext User logged in

But the following imtest command failed when I test it in the gateway as root:
imtest -m plaintext -v -a [EMAIL PROTECTED]
The error log is:
Nov 16 07:30:17 gateway imap[73953]: badlogin: localhost.mydom.com [::1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]

Thanks
Sam

Simon



# cat imap.passwd
[EMAIL PROTECTED]:$1$OxTrXXu7$SPv0UCpp4BuyFGy6uQkBn1
cyrus:$1$EUHsnXCc$qpuk26X8VPQnIifMbnap6.
[EMAIL PROTECTED]:$1$3gb6Wviv$0zrfF91CdEd3IlI7c62QQ1

But imtest failed with the following message:

Nov 16 06:05:16 gateway saslauthd[73020]: user not found in password
database
Nov 16 06:05:16 gateway imap[73621]: badlogin: gateway.mydom.com
[192.168.4.88] plaintext [EMAIL PROTECTED] SASL(-13): authentication
failure: checkpass failed

I searched google, but found not much useful information.
Can anyone tell me how to fix this problem?

I have saslauthd started with -a pam.
imapd.conf is defined with the option:
sasl_pwcheck_method: saslauthd

Thanks
Sam










--
Senior Security Architect/Consultant
AuthTec Gateway Limited
Mobile: +852 9839 2464  
Email: [EMAIL PROTECTED]
Website: http://www.authtec.com


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to