On 04/01/2010 10:02 PM, Dan White wrote: > On 01/04/10 18:43 -0500, Derek Chen-Becker wrote: >> I've been googling and reading the mailing lists all afternoon and I >> just can't figure this out. I've even tried trussing (Solaris) >> sync_server and saslauthd. When I run synctest against my 2.3.16 server >> it comes back with an auth error: >> >> badlogin: mail.cpicorp.com [192.168.25.10] PLAIN [SASL(-4): no mechanism >> available: Couldn't find mech PLAIN] >> >> Of course, if I use imtest to hit imapd on the same machine it logs in >> fine with the PLAIN mech. I found a similar post on google, but I >> couldn't find any resolution to the issue. One question would be whether >> sync_server actually honors the /etc/imapd.conf sasl settings. In my >> case, it's just: >> >> allowanonymouslogin: no >> allowplaintext: yes >> sasl_pwcheck_method: saslauthd > > Use synctest (or telnet <host> csync) to visually verify that the PLAIN > mechanism is being offered by the server: > > dwh...@zek:~$ synctest localhost > S: * SASL SRP DIGEST-MD5 PASSDSS-3DES-1 GSSAPI OTP NTLM CRAM-MD5 LOGIN > PLAIN > S: * OK zek Cyrus sync server v2.3.16 > > And verify that the host you're running sync_client on has the PLAIN mech > installed with pluginviewer.
This looks bad: bash-3.00# /usr/local/sbin/pluginviewer No server side SASL mechanisms installed Segmentation Fault (core dumped) bash-3.00# /usr/cyrus/bin/synctest localhost S: * STARTTLS S: * OK mail.cpicorp.com Cyrus sync server v2.3.16 Authentication failed. generic failure Security strength factor: 0 ^CC: EXIT Connection closed. If I run imtest against the machine I'm seeing different output from another Solaris 10 box that's running 2.3.15: bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN snmail S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.16 server ready C: A01 AUTHENTICATE PLAIN S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 0 ^CC: Q01 LOGOUT Connection closed. -bash-3.00$ /usr/cyrus/bin/imtest -u dbecker -a dbecker -m PLAIN ssmail S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=LOGIN AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] mail.cpicorp.com Cyrus IMAP v2.3.15 server ready Please enter your password: The 2.3.16 box seems to be missing the AUTH=LOGIN, AUTH=PLAIN and SASL-IR capabilities, but I've copied the configs verbatim from the 2.3.15 box. The only thing I can think of is that I've somehow missed copying a config file somewhere. Worst case, maybe I'll try to build 2.3.15 on the box to make sure that that works properly before testing out 2.3.16. I feel like I must be missing something really simple here. All of the plugins appear to be in place on the machine in question: bash-3.00$ ls /usr/local/lib/sasl2/ libanonymous.la libdigestmd5.so.2 libplain.la libanonymous.so libdigestmd5.so.2.0.22 libplain.so libanonymous.so.2 libgssapiv2.la libplain.so.2 libanonymous.so.2.0.22 libgssapiv2.so libplain.so.2.0.22 libcrammd5.la libgssapiv2.so.2 libsasldb.la libcrammd5.so libgssapiv2.so.2.0.22 libsasldb.so libcrammd5.so.2 liblogin.la libsasldb.so.2 libcrammd5.so.2.0.22 liblogin.so libsasldb.so.2.0.22 libdigestmd5.la liblogin.so.2 smtpd.conf libdigestmd5.so liblogin.so.2.0.22 Thanks, Derek -- ---------------------------------------------------------------------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbec...@cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 ---------------------------------------------------------------------- ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
