Re: No authentication error when replication attempted in automatic mode
This is solved by creating a self-signed CA (certificate authority) and a certificate + private key bundle. The essential detail is that when generating the certificate you need to specify the Common Name (CN) as a fully qualified domain name (hostA.localdomain or hostA.imapsite.net, etc.). This must be done for each host involved, and each certificate should have that host's FQDN specified as CN.

Once the certs were in place and the service restarted, sync_client has been able to log in without any problems.

On Wed, Jul 20, 2011 at 4:56 PM, Ivan Lezhnjov Jr. wrote:
> I've said before that I fixed the issue with authentication from
> Master<->Replica in a basic two-host setup in a mysterious way. Funny
> thing is that I've managed to successfully replicate from M to R and
> vice versa, swapping the roles of the hosts as many times as I wanted.
> Everything worked as expected.
>
> Then I set out to repeat this success on a set of two other machines,
> and reached another dead end with a slightly different problem.
>
> This message attempts to describe the issue that I'm battling with and
> what has been tried thus far to win this fight :)
>
> This is a basic two-host setup, host A is Master, host B is Replica.
>
> When replication is attempted in automatic mode it fails.
> Incidentally, it fails in manual mode too.
>
> --- Replica
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: accepted connection
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: cmdloop(): startup
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: imapd:Loading hard-coded DH parameters
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: SSL_accept() incomplete -> wait
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: SSL_accept() succeeded -> done
> Jul 20 15:29:24 clone-machine-target syncserver[3630]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>
> --- Master
> Jul 20 15:29:00 clone-machine sync_client[3638]: Doing a peer verify
> Jul 20 15:29:00 clone-machine sync_client[3638]: verify error:num=19:self signed certificate in certificate chain
> Jul 20 15:29:00 clone-machine sync_client[3638]: received server certificate
> Jul 20 15:29:00 clone-machine sync_client[3638]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
> Jul 20 15:29:00 clone-machine sync_client[3638]: couldn't authenticate to backend server: no mechanism available
> Jul 20 15:29:00 clone-machine sync_client[3638]: Can not connect to server '10.10.0.178'
>
> The interesting fact is that I can successfully authenticate with
> synctest from Master to Replica like this:
>
> [root@clone-machine ~]# synctest -a cyrus -u cyrus -m plain -t "" replica.localdomain
> S: * SASL PLAIN LOGIN
> S: * STARTTLS
> S: * COMPRESS DEFLATE
> S: * OK clone-machine-target Cyrus sync server v2.4.10-Kolab-2.4.10-1
> C: STARTTLS
> S: OK Begin TLS negotiation now
> verify error:num=19:self signed certificate in certificate chain
> TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> S: * SASL PLAIN LOGIN
> S: * OK clone-machine-target Cyrus sync server v2.4.10-Kolab-2.4.10-1
> Please enter your password:
> C: AUTHENTICATE PLAIN Y3lydXMAY3lydXMAY3lydXNhZG1pbnJlcGxpY2E=
> S: OK Success (tls protection)
> Authenticated.
> Security strength factor: 256
>
> but /usr/lib/cyrus-imapd/sync_client -r fails to.
>
> SITE CONFIGURATION
>
> --- Master
> [root@clone-machine ~]# cat /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sasl_minimum_layer: 0
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
> tls_ca_file: /etc/pki/tls/certs/cacert.pem
> guid_mode: sha1
> delete_mode: immediate
> sync_host: 10.10.0.178
> sync_authname: cyrus
> syncpassword: x
> sync_log: 1
> allowplaintext: 1
> tcp_keepalive: 1
>
> [root@clone-machine ~]# cat /etc/cyrus.conf |grep -v \#
>
> START {
>   recover cmd="ctl_cyrusdb -r"
>
>   idled cmd="idled"
>
>   syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r"
> }
>
> SERVICES {
>   imap cmd="imapd" listen="imap" prefork=5 provide_uuid=1
>   imaps cmd="imapd -s" listen="imaps" prefork=1 provide_uuid=1
>
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 provide_uuid=1
> }
>
> EVENTS {
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>
>   delprune cmd="cyr_expire -D 7 -E 3 -X 7" at=0400
>
>   tlsprune cmd="tls_prune" at=0400
> }
>
> --- Replica
> [root@clone-machine-target ~]# cat /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail:
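The fix described in this reply, as an added example that is not part of the original message: a private CA and one certificate + key bundle per host, each with that host's FQDN as CN, followed by a check that the bundle chains to the CA. The host names, the CA name and the temporary directory are constructed placeholders; the resulting files play the roles of tls_ca_file, tls_cert_file and tls_key_file in the imapd.conf quoted above.

```sh
#!/bin/sh
# Added example: private CA plus one cert+key bundle per Cyrus host.
# Host names are constructed placeholders, not values from the thread.
set -eu

WORK="$(mktemp -d)"

make_ca() {
    # Self-signed CA; cacert.pem is the file tls_ca_file would point at.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Cyrus Replication CA" \
        -keyout "$WORK/ca.key" -out "$WORK/cacert.pem" 2>/dev/null
}

make_host_bundle() {
    # $1 = FQDN of the host; it becomes the certificate's Common Name.
    fqdn="$1"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$WORK/$fqdn.key" -out "$WORK/$fqdn.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$fqdn.csr" -days 365 \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$fqdn.crt" 2>/dev/null
    # Certificate first, then key, in one file: the layout implied by
    # tls_cert_file and tls_key_file naming the same .pem.
    cat "$WORK/$fqdn.crt" "$WORK/$fqdn.key" > "$WORK/$fqdn.pem"
    chmod 600 "$WORK/$fqdn.pem"
}

cert_cn() {
    # Print the Common Name stored in the bundle for host $1.
    openssl x509 -in "$WORK/$1.pem" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

chain_ok() {
    # $1 = CA file, $2 = host FQDN. Succeeds only if the host
    # certificate verifies against that CA.
    openssl verify -CAfile "$1" "$WORK/$2.pem" 2>/dev/null | grep -q 'OK$'
}

make_ca
for h in hosta.example.test hostb.example.test; do
    make_host_bundle "$h"
    if chain_ok "$WORK/cacert.pem" "$h"; then status=trusted; else status=UNTRUSTED; fi
    echo "$h: CN=$(cert_cn "$h") chain=$status"
done
```

Each host gets its own bundle, and every host needs a copy of cacert.pem so that the peer verify step seen in the sync_client log has a trust anchor to check against.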
No authentication error when replication attempted in automatic mode
I've said before that I fixed the issue with authentication from Master<->Replica in a basic two-host setup in a mysterious way. Funny thing is that I've managed to successfully replicate from M to R and vice versa, swapping the roles of the hosts as many times as I wanted. Everything worked as expected.

Then I set out to repeat this success on a set of two other machines, and reached another dead end with a slightly different problem.

This message attempts to describe the issue that I'm battling with and what has been tried thus far to win this fight :)

This is a basic two-host setup, host A is Master, host B is Replica.

When replication is attempted in automatic mode it fails. Incidentally, it fails in manual mode too.

--- Replica
Jul 20 15:29:24 clone-machine-target syncserver[3630]: accepted connection
Jul 20 15:29:24 clone-machine-target syncserver[3630]: cmdloop(): startup
Jul 20 15:29:24 clone-machine-target syncserver[3630]: imapd:Loading hard-coded DH parameters
Jul 20 15:29:24 clone-machine-target syncserver[3630]: SSL_accept() incomplete -> wait
Jul 20 15:29:24 clone-machine-target syncserver[3630]: SSL_accept() succeeded -> done
Jul 20 15:29:24 clone-machine-target syncserver[3630]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication

--- Master
Jul 20 15:29:00 clone-machine sync_client[3638]: Doing a peer verify
Jul 20 15:29:00 clone-machine sync_client[3638]: verify error:num=19:self signed certificate in certificate chain
Jul 20 15:29:00 clone-machine sync_client[3638]: received server certificate
Jul 20 15:29:00 clone-machine sync_client[3638]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
Jul 20 15:29:00 clone-machine sync_client[3638]: couldn't authenticate to backend server: no mechanism available
Jul 20 15:29:00 clone-machine sync_client[3638]: Can not connect to server '10.10.0.178'

The interesting fact is that I can successfully authenticate with synctest from Master to Replica like this:

[root@clone-machine ~]# synctest -a cyrus -u cyrus -m plain -t "" replica.localdomain
S: * SASL PLAIN LOGIN
S: * STARTTLS
S: * COMPRESS DEFLATE
S: * OK clone-machine-target Cyrus sync server v2.4.10-Kolab-2.4.10-1
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * SASL PLAIN LOGIN
S: * OK clone-machine-target Cyrus sync server v2.4.10-Kolab-2.4.10-1
Please enter your password:
C: AUTHENTICATE PLAIN Y3lydXMAY3lydXMAY3lydXNhZG1pbnJlcGxpY2E=
S: OK Success (tls protection)
Authenticated.
Security strength factor: 256

but /usr/lib/cyrus-imapd/sync_client -r fails to.

SITE CONFIGURATION

--- Master
[root@clone-machine ~]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
tls_ca_file: /etc/pki/tls/certs/cacert.pem
guid_mode: sha1
delete_mode: immediate
sync_host: 10.10.0.178
sync_authname: cyrus
syncpassword: x
sync_log: 1
allowplaintext: 1
tcp_keepalive: 1

[root@clone-machine ~]# cat /etc/cyrus.conf |grep -v \#
START {
  recover cmd="ctl_cyrusdb -r"
  idled cmd="idled"
  syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r"
}
SERVICES {
  imap cmd="imapd" listen="imap" prefork=5 provide_uuid=1
  imaps cmd="imapd -s" listen="imaps" prefork=1 provide_uuid=1
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 provide_uuid=1
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  delprune cmd="cyr_expire -D 7 -E 3 -X 7" at=0400
  tlsprune cmd="tls_prune" at=0400
}

--- Replica
[root@clone-machine-target ~]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd-my.pem
tls_ca_file: /etc/pki/tls/certs/cacert.pem
allowplaintext: 1
tcp_keepalive: 1

[root@clone-machine-target ~]# cat /etc/cyrus.conf |grep -v \#
START {
  recover cmd="ctl_cyrusdb -r"
  idled cmd="idled"
}
SERVICES {
  imap cmd="imapd" listen="imap" prefork=5 provide_uuid=1
  imaps cmd="imapd -s" listen="imaps" prefork=1 provide_uuid=1
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 provide_uuid=1
  syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync"
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" peri
sieve: authentication error
Hello,

I am having trouble with sieve not wanting to authenticate anyone. imtest works fine, sivtest (and therefore sieveshell) does not, no matter what sasl-mechanism I am trying. I am using auxprop (sasldb) as user database. Two examples below, but it fails for all mechanisms. Fails for the administrative user "cyrus", too.

This problem seems to be quite common, however, I have not found any useful answer so far. So, if anyone has an idea, I'd appreciate any help.

# sivtest -u test -a test localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8-Gentoo"
S: "SASL" "GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0

# sivtest -u test -a test localhost -m DIGEST-MD5
S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8-Gentoo"
S: "SASL" "GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"
S: "STARTTLS"
S: OK
C: AUTHENTICATE "DIGEST-MD5"
S: {244}
S: bm9uY2U9IkVBbWROaHRoY1FxdUt0VDNhN0U1ZDhPV21STXkraEpiVjFtWUszNTNKVk09IixyZWFsbT0iZHJhY2hlbnRvciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
{348+}
C: dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJkcmFjaGVudG9yIixub25jZT0iRUFtZE5odGhjUXF1S3RUM2E3RTVkOE9XbVJNeStoSmJWMW1ZSzM1M0pWTT0iLGNub25jZT0iNW1rR21SWkdtaGo0akdNVXdUbS8zcXdMK0hpZW5kWmZPcGVrcEhkQVpzST0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9sb2NhbGhvc3QiLHJlc3BvbnNlPThkOTFkOGZmY2ExMzdmODZjNzAyMDJiYjc1MGViMTcx
S: NO "Authentication Error"
Authentication failed. generic failure
Security strength factor: 128

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyradm authentication error
On Mon, Mar 08, 2004 at 06:02:11PM +0100, Michele Digioia wrote:
> When I try to enter cyradm:
> cyradm -u cyrus localhost
> I receive:
> cyradm: cannot authenticate to server with as root
>
> Why root? I tried with cyrus!

If --authz is not supplied, it will default to $USER. So, try:

cyradm --user cyrus --authz cyrus localhost
cyradm authentication error
When I try to enter cyradm:

cyradm -u cyrus localhost

I receive:

cyradm: cannot authenticate to server with as root

Why root? I tried with cyrus!

The imtest works. I'm using sasldb2 authentication. Mechanisms enabled are DIGEST-MD5 and CRAM-MD5. I didn't configure sendmail. Cyrus version is 2.1.7.

After installing, I copied perl5/site_perl/5.8.0/i386-linux-thread-multi subdirectory from usr/local/lib to usr/lib, to avoid compilation errors when launching cyradm.

Three explanations are in my mind:

cyradm needs plaintext mechanism authentication.
cyradm needs sendmail.
After installing, I had to copy something else.

Does somebody know what I can do?

Thanks
Re: PAM Authentication error...
Emma Grant wrote:

> Hmmm... That would make sense for system users with email accounts, but this is a virtual setup using maildir, they don't have a mail box, but rather a directory. All my information is stored in a database; the default homedir, the maildir, email/username and password...etc

Then you aren't using Cyrus correctly. You determine the location of the mail partitions, and that's it. Cyrus determines the name and location of the user's mailboxes. Cyrus is not UW IMAP.

> The virtual setup is working because I am able to send to the users...and they get a directory with mail in it automatically. The problem is that I am unable to *retrieve* the mail using pop3.
>
> Thanks,
> Emma
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
> Sent: Monday, February 02, 2004 4:47 AM
> To: Emma Grant
> Cc: [EMAIL PROTECTED]
> Subject: Re: PAM Authentication error...
>
> Emma Grant wrote:
>
>> Thanks for your reply.
>>
>> I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop
>>
>> I first tried pam_warn.so, and that told me that my account had expired, and since there really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors.
>>
>> But now I am getting the error:
>>
>> -ERR [SYS/PERM] Unable to locate maildrop
>>
>> any ideas?
>
> The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP.
>
>> Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors?
>
> No.
>
>> Thanks,
>> Emma
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
>> Sent: Monday, February 02, 2004 12:30 AM
>> To: Emma Grant
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: PAM Authentication error...
>>
>> Emma Grant wrote:
>>
>>> Hi All,
>>>
>>> I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).
>>>
>>> I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:
>>>
>>> do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]
>>>
>>> pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed
>>
>> Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: PAM Authentication error...
Hmmm... That would make sense for system users with email accounts, but this is a virtual setup using maildir, they don't have a mail box, but rather a directory. All my information is stored in a database; the default homedir, the maildir, email/username and password...etc

The virtual setup is working because I am able to send to the users...and they get a directory with mail in it automatically. The problem is that I am unable to *retrieve* the mail using pop3.

Thanks,
Emma

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
Sent: Monday, February 02, 2004 4:47 AM
To: Emma Grant
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication error...

Emma Grant wrote:

> Thanks for your reply.
>
> I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop
>
> I first tried pam_warn.so, and that told me that my account had expired, and since there really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors.
>
> But now I am getting the error:
>
> -ERR [SYS/PERM] Unable to locate maildrop
>
> any ideas?

The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP.

> Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors?

No.

> Thanks,
> Emma
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
> Sent: Monday, February 02, 2004 12:30 AM
> To: Emma Grant
> Cc: [EMAIL PROTECTED]
> Subject: Re: PAM Authentication error...
>
> Emma Grant wrote:
>
>> Hi All,
>>
>> I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).
>>
>> I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:
>>
>> do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]
>>
>> pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed
>
> Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM Authentication error...
Emma Grant wrote:

> Thanks for your reply.
>
> I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop
>
> I first tried pam_warn.so, and that told me that my account had expired, and since there really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors.
>
> But now I am getting the error:
>
> -ERR [SYS/PERM] Unable to locate maildrop
>
> any ideas?

The system can find the INBOX for the user that is logging in. You need to create a mailbox named user. for each user that will be accessing mail via IMAP or POP.

> Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors?

No.

> Thanks,
> Emma
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
> Sent: Monday, February 02, 2004 12:30 AM
> To: Emma Grant
> Cc: [EMAIL PROTECTED]
> Subject: Re: PAM Authentication error...
>
> Emma Grant wrote:
>
>> Hi All,
>>
>> I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).
>>
>> I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:
>>
>> do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]
>>
>> pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed
>
> Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: PAM Authentication error...
Thanks for your reply.

I ended up fixing the error by adding "account required /lib/security/pam_permit.so" at the top of my pop file in pam.d/pop

I first tried pam_warn.so, and that told me that my account had expired, and since there really is no system account - email is virtual - I figured that is why it was giving the error. After adding pam_permit I have had no more auth errors.

But now I am getting the error:

-ERR [SYS/PERM] Unable to locate maildrop

any ideas?

Testsaslauthd? Where would I find this on RH ES? Do I still need it now I am not getting auth errors?

Thanks,
Emma

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Murchison
Sent: Monday, February 02, 2004 12:30 AM
To: Emma Grant
Cc: [EMAIL PROTECTED]
Subject: Re: PAM Authentication error...

Emma Grant wrote:

> Hi All,
>
> I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).
>
> I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:
>
> do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]
>
> pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed

Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM Authentication error...
Emma Grant wrote:

> Hi All,
>
> I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).
>
> I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:
>
> do_auth : auth failure: [EMAIL PROTECTED] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]
>
> pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed

Compile the testsaslauthd program in the SASL distro, and make sure that you can authenticate before moving on to Cyrus.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
PAM Authentication error...
Hi All,

I am running Cyrus Imap 2.2.3 on RH ES 3.0 using MySQL 3.23.58 as my database so I can use my mail server with virtual domains (maildir).

I believe that I have configured everything correctly except I am getting the error below when I check pop3 email:

do_auth : auth failure: [user=me@mydomain.com] [service=pop] [realm=] [mech=pam] [reason=PAM auth error]

pop3[28753]: badlogin: my.ipaddress.location.etc plaintext [EMAIL PROTECTED] SASL(-13): authentication failure: checkpass failed

I know the error may be quite vague and it could be a number of things, but I remember reading something earlier today about if you are using PAM authentication with SASLAUTHD then you should disable KERBEROS/KRB4 on your Cyrus config. For some reason it takes over the authentication process??? I have been searching for the documentation that I passed by, with no luck in finding it.

If anyone could confirm the disabling of KERBEROS or if you know the reason of why I am getting the above error… any help would be appreciated.

I am positive that I am using the correct password that is in users email accounts table in mysql, and I checked my mysql.log file and the correct query is being run when checking for email.

Thanks,
Emma
Re: Authentication error SOLVED
Christiano Anderson wrote:

> Hey guys,
>
> I've finally found out the problem, and believe, it's really a bug, either of Cyrus or SASL 2.

[...]

> But it's a bug, and it must be fixed ASAP.

The bug is in LDAP, and the fix is OpenLDAP 2.1 (as a Debian 3.0 user - like me - you have OpenLDAP 2.0).

The version of OpenLDAP you are using is linked against an older (and binary incompatible) SASL, and won't compile with a newer version.

OpenLDAP 2.1 works with SASL 2.1 and is confirmed (by me and others, check the list archives) to fix the problem.

> I've tried both using SASL via PAM and via LDAP directly. Same problem.
>
> I don't know why that problem happens. There is no apparent cause.

Basically, you have:

Cyrus 2.1 -> SASL 2.1 -> OpenLDAP 2.0 -> SASL 1.5 -> segmentation fault.

--
Phil Brutsche
[EMAIL PROTECTED]
Re: Authentication error SOLVED
On Fri, 9 Jan 2004, Christiano Anderson wrote:

> Hey guys,
>
> I've finally found out the problem, and believe, it's really a bug, either
> of Cyrus or SASL 2.
>
> The problem happens only when I have my NSS using LDAP, through these
> lines in nsswitch.conf:
>
> --
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
> ---
>
> If I take 'ldap' out of that file, Cyrus works pretty well, like it should
> do.
>
> For me, actually, it's not a problem at all, because I don't really need
> to have NSS using LDAP, once this machine is used only for that stuff.
>
> But it's a bug, and it must be fixed ASAP.
>
> I've tried both using SASL via PAM and via LDAP directly. Same problem.
>
> I don't know why that problem happens. There is no apparent cause.

I had this problem until I rebuilt the debian libldap2 package to not link against libsasl7. In debian stable, an older version of libsasl is used. When one of the Cyrus processes links in both libsasl2 (the newer version, paradoxically) and libsasl7 (when it does a user lookup that hits ldap), it will segfault. I rebuilt the debian stable libldap2 and removed "--with-cyrus-sasl" from the configure options in the package.

Andy
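A way to confirm the condition described in this reply on a live system, as an added example that is not from the thread: list the libsasl libraries mapped into a running Cyrus process and flag the case where two different ones are loaded. The two maps excerpts are constructed samples, and the library file names in them (libsasl.so.7 for the old library, libsasl2.so.2 for the new one) are assumptions about how the packages name their files.

```sh
#!/bin/sh
# Added example: detect two different libsasl libraries in one process.
set -eu

WORK="$(mktemp -d)"

# Constructed sample: /proc/<pid>/maps excerpt of an imapd that has done
# a user lookup through NSS/LDAP, with libldap linked against old SASL.
cat > "$WORK/broken.maps" <<'EOF'
08048000-080f1000 r-xp 00000000 03:01 41001 /usr/cyrus/bin/imapd
40021000-40035000 r-xp 00000000 03:01 52010 /usr/lib/libsasl2.so.2.0.15
40035000-40036000 rw-p 00013000 03:01 52010 /usr/lib/libsasl2.so.2.0.15
402a0000-402ab000 r-xp 00000000 03:01 52200 /lib/libnss_ldap-2.2.5.so
402b0000-402d4000 r-xp 00000000 03:01 52300 /usr/lib/libldap.so.2.0.15
402e0000-402ec000 r-xp 00000000 03:01 52400 /usr/lib/libsasl.so.7.1.8
402ec000-402ed000 rw-p 0000b000 03:01 52400 /usr/lib/libsasl.so.7.1.8
EOF

# Constructed sample: same process after libldap was rebuilt without SASL.
cat > "$WORK/fixed.maps" <<'EOF'
08048000-080f1000 r-xp 00000000 03:01 41001 /usr/cyrus/bin/imapd
40021000-40035000 r-xp 00000000 03:01 52010 /usr/lib/libsasl2.so.2.0.15
40035000-40036000 rw-p 00013000 03:01 52010 /usr/lib/libsasl2.so.2.0.15
402a0000-402ab000 r-xp 00000000 03:01 52200 /lib/libnss_ldap-2.2.5.so
402b0000-402d4000 r-xp 00000000 03:01 52300 /usr/lib/libldap.so.2.0.15
EOF

sasl_libs() {
    # $1 = maps file. Print each mapped libsasl file name once.
    awk '$6 ~ /\/libsasl[0-9]*\.so/ { n = split($6, p, "/"); print p[n] }' "$1" |
        sort -u
}

sasl_families() {
    # Reduce file names to the library name before ".so", so that
    # libsasl.so.7.x and libsasl2.so.2.x count as different libraries.
    sasl_libs "$1" | sed 's/\.so.*$//' | sort -u
}

sasl_conflict() {
    # Succeeds when more than one distinct libsasl library is mapped.
    n=$(sasl_families "$1" | grep -c . || true)
    [ "$n" -gt 1 ]
}

for f in broken fixed; do
    if sasl_conflict "$WORK/$f.maps"; then verdict=CONFLICT; else verdict=ok; fi
    echo "$f: $(sasl_families "$WORK/$f.maps" | tr '\n' ' ')-> $verdict"
done
```

On a real host the argument would be /proc/PID/maps of an imapd or pop3d child, read after it has handled a login, because the NSS module and its dependencies are only loaded at the first user lookup.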
Re: Authentication error SOLVED
Hey guys,

I've finally found out the problem, and believe, it's really a bug, either of Cyrus or SASL 2.

The problem happens only when I have my NSS using LDAP, through these lines in nsswitch.conf:

--
passwd: compat ldap
group: compat ldap
shadow: compat ldap
---

If I take 'ldap' out of that file, Cyrus works pretty well, like it should do.

For me, actually, it's not a problem at all, because I don't really need to have NSS using LDAP, once this machine is used only for that stuff.

But it's a bug, and it must be fixed ASAP.

I've tried both using SASL via PAM and via LDAP directly. Same problem.

I don't know why that problem happens. There is no apparent cause.

--
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/

--
Christiano Anderson <[EMAIL PROTECTED]>
Propus Informatica
http://www.propus.com.br
Re: Authentication error
--- Original Message ---
Subject: Re: [Fwd: Re: Authentication error]
From: "Marlon Dutra" <[EMAIL PROTECTED]>
Date: Fri, January 9, 2004 12:56 pm
To: [EMAIL PROTECTED]
--

Hi,

FYI, I'm working with Christiano.

> This is because cyradm will pick the most secure authentication
> mechanism that the server advertises (e.g. DIGEST-MD5), and all of the non-plaintext mechanisms require that you have the user's secret stored in an auxprop plugin backend (e.g. sasldb). If you only want to use plaintext passwords via saslauthd, set your imapd.conf options to:
> sasl_mech_list: PLAIN LOGIN
> sasl_pwcheck_method: saslauthd

We've done that, but the problem still.

When I type 'cyradm -u cyrus localhost' and hit ENTER, cyrus logs the following:

--
Jan 9 10:45:47 ldap master[3421]: about to exec /usr/cyrus/bin/imapd
Jan 9 10:45:47 ldap imap[3421]: executed
Jan 9 10:45:47 ldap imapd[3421]: accepted connection
--

When I type the password, I get this:

Jan 9 10:45:51 ldap master[3414]: process 3421 exited, signaled to death by 11

The child process, likely imapd, is death with signal 11. If I strace that process, it gets a SIGSEGV. Take a look:

--
...
getpeername(12, {sin_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0
brk(0x812d000) = 0x812d000
brk(0x813) = 0x813
time([1073659944]) = 1073659944
getpid()= 3455
rt_sigaction(SIGPIPE, {0x402b9f48, [], 0x400}, {SIG_IGN}, 8) = 0
send(10, "<37>Jan 9 10:52:24 imapd[3455]:"..., 54, 0) = 54
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
--- SIGSEGV (Segmentation fault) ---
--

The same problem happens if I try to login directly via IMAP or via POP3.

By debugging sasl, it says that authentication is OK, and there is no any problem.

> Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would allow you use any SASL mech with your LDAP installation.

Actually we're using sasl authenticating against PAM. PAM is using LDAP for all the system.

Any idea?

PS: we have the same problem in two different machines, and they are too different (hardware). One of them is using the kernel 2.4.24 and the other one is using 2.4.23. We've tried both Debian packages and the source from Cyrus' website.

--
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/

--
Christiano Anderson <[EMAIL PROTECTED]>
Propus Informatica
http://www.propus.com.br
Re: Authentication error
Ken Murchison wrote:

> Christiano Anderson wrote:
>
>> I am installing a Cyrus box with the following configuration:
>>
>> Machine: Dual Xeon 2GHz, 1Gb RAM
>> System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
>> Authentication: LDAP
>>
>> I have created a cyrus user under LDAP directory and the PAM modules have been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p [hidden]" I get a Success status, however, a "cyradm -u cyrus localhost" doesn't work.
>
> This is because cyradm will pick the most secure authentication mechanism that the server advertises (e.g. DIGEST-MD5), and all of the non-plaintext mechanisms require that you have the user's secret stored in an auxprop plugin backend (e.g. sasldb). If you only want to use plaintext passwords via saslauthd, set your imapd.conf options to:
>
> sasl_mech_list: PLAIN LOGIN
> sasl_pwcheck_method: saslauthd
>
> Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would allow you use any SASL mech with your LDAP installation.

By the way, I tested the ldap auxprop plugin and it does not work for Cyrus-imap 2.2.2 cvs. The funny thing is that with the same setup (minus the "sasl_" in imapd.conf) I can authenticate with Postfix. Anyone had any success with that? I know it is more like a cyrus-sasl problem, but as I said Postfix works in the same scenario.

mitu
Re: Authentication error
Christiano Anderson wrote:

> I am installing a Cyrus box with the following configuration:
>
> Machine: Dual Xeon 2GHz, 1Gb RAM
> System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
> Authentication: LDAP
>
> I have created a cyrus user under LDAP directory and the PAM modules have been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p [hidden]" I get a Success status, however, a "cyradm -u cyrus localhost" doesn't work.

This is because cyradm will pick the most secure authentication mechanism that the server advertises (e.g. DIGEST-MD5), and all of the non-plaintext mechanisms require that you have the user's secret stored in an auxprop plugin backend (e.g. sasldb). If you only want to use plaintext passwords via saslauthd, set your imapd.conf options to:

sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd

Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would allow you use any SASL mech with your LDAP installation.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Authentication error
I am installing a Cyrus box with the following configuration:

Machine: Dual Xeon 2GHz, 1Gb RAM
System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
Authentication: LDAP

I have created a cyrus user under LDAP directory and the PAM modules have been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p [hidden]" I get a Success status, however, a "cyradm -u cyrus localhost" doesn't work.

mail:~ cyradm -u cyrus localhost
IMAP Password: [hidden]
at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server as user cyrus

I have checked the LDAP log, it receives the cyrus request and the authentication seems to be ok. I tried a telnet 0 143, using the cyrus login, but it gives "Connection closed by foreign host". With a strace, I got a segmentation fault.

Has anyone got this problem? The authentication is ok, LDAP receives the request, but Cyrus can't process it. I tried to compile cyrus 2.1.16 by hand and I have got the same problem.

Thanks for any help

Christiano
sieveshell authentication error..... (Cyrus 2.1.15)
Hi all,

I'm having a problem using sieve on my linux box (SuSE 8.0). Cyrus and timsieved are working fine. I can even auth to imap and cyradm with plain method over saslauthd and pam. But I cannot login via sieveshell. I'm always getting the same error message! I've been googling around but I didn't find any hint how to solve this.

Here are my configs and logs!

allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN

saslauthd -a pam -m /var/state/saslauthd

This one is working, so there is no service problem:

telnet localhost sieve
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.1.15"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"
OK

But sieveshell is unable to connect and exits with an error message:

sieveshell -u cyrus -a cyrus localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/local/bin/sieveshell line 174, line 1.

Here is what the log is saying about:

If I enter *no* password:

Aug 31 19:43:22 galgnet saslauthd[940]: do_request : NULL password received
Aug 31 19:43:22 galgnet timsieved[17257]: Password verification failed
Aug 31 19:43:39 galgnet saslauthd[938]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure

If I enter a *wrong* password:

Aug 31 19:43:39 galgnet saslauthd[938]: do_auth : auth failure: [user=cyrus] [service=sieve] [realm=] [mech=pam] [reason=PAM auth error]
Aug 31 19:43:39 galgnet timsieved[17263]: Password verification failed

If I enter the *right* password:

Sep 1 11:06:15 galgnet master[9733]: about to exec /usr/lib/cyrus/bin/timsieved
Sep 1 11:06:15 galgnet sieve[9733]: executed
Sep 1 11:06:15 galgnet sieve[9733]: accepted connection
Sep 1 11:06:19 galgnet master[1367]: process 9733 exited, status 0

So, it doesn't seem to be an authentication failure either.

My /etc/pam.d/sieve (same as imap):

cat sieve
#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so

Only copied sieve to imap because cyrus version 2.1.x are using another service for sieve to authenticate!

So, I'm not understanding what is going wrong here.

Alain
cross-realm authentication error when using DIGEST-MD5/CRAM-MD5
I have a cyrus imapd 2.1.13 mail server w/ cyrus sasl 2.1.13 using the ldapdb auxprop backend. The auxprop backend is configured and working correctly. The issue is this: when I log into the mail server using LOGIN with the username [EMAIL PROTECTED] it works fine, BUT if I use DIGEST-MD5 or CRAM-MD5 I receive a "cross realm login [EMAIL PROTECTED] denied" in my auth.log (syslog auth.*) and it denies me the login.

Short of adding each and every single domain into the loginrealms config option in the imapd.conf, is there a way around this?

Edward Rudd
Re: cyradm authentication error
On Thu, 27 Feb 2003, Robert Urban wrote:

> I had this problem too. The answer is actually in the docs (install-auth),
> but it can take days before you find it :( The whole authentication
> business is pretty badly documented, IMHO.

If you have suggestions, we do take reasonably-written patches.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: cyradm authentication error
Robert, thanks for the help,

After changing the imapd.conf file as you directed (and rebooting to make sure the changes took effect), I still got the error when running "cyradm --user cyrus localhost." I noticed in my auth.log file that the following messages occurred when trying to log in:

Feb 27 08:52:56 web01 perl: No worthy mechs found

I'm not sure what this means, but upon looking up this message in the archive I was told to use cyradm --user cyrus -auth login localhost. This DID work. I'm ASSUMING this means I am trying to log in via plaintext instead of DIGEST-MD5. (I have no clue why it won't work via DIGEST-MD5). I was able to create a mailbox in my cyradm tool, but still got the following messages in my imapd.conf file:

Feb 27 08:56:03 web01 imapd[1229]: accepted connection
Feb 27 08:56:48 web01 imapd[1229]: badlogin: web01[127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required]
Feb 27 08:57:00 web01 imapd[1229]: badlogin: web01[127.0.0.1] plaintext cyrus SASL(-13): authentication failure: checkpass failed
Feb 27 08:57:10 web01 imapd[1229]: accepted connection
Feb 27 08:57:14 web01 imapd[1229]: login: web01[127.0.0.1] cyrus plaintext.

Why am I getting these error messages? And as a newbie, I am COMPLETELY confused as to the differences between auxprop, saslauthd, login, and plain (those are the ones I have found so far...), and how they all relate regarding sasl2.

Does anyone know why I am getting these messages in my log files (specifically "no worthy mechs found" in my auth log, and "badlogin: web01[127.0.0.1] PLAIN..." in my imapd.log). Also, is there any *good* documentation out there explaining the differences between these login mechanisms, and how they all relate? I'd love to buy a good book on all this stuff!

Thanks in advance,

Kevin Williams

-- Original Message --
From: Robert Urban <[EMAIL PROTECTED]>
Date: Thu, 27 Feb 2003 13:23:15 +0100

>
>Kevin Williams wrote:
>> My imapd.conf file looks as follows:
>>
>> configdirectory: /var/imap
>> partition-default: /var/spool/imap
>> admins: cyrus root
>> sasl_pwcheck_method: saslauthd
>>
>> I can successfully authenticate using the imtest command. When I
>> tried to use cyradm, I originally got a "can't locat
>> Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think)
>> folders from the folder they were installed in (/user/local/lib
>> instead of /user/lib) to be included in the path. Now when I run
>> cyradm, the program just hangs and I get the following error in my
>> imapd.log file:
>>
>> badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure:
>> client response doesn't match what we generated].
>>
>> When I enter the sasldblistuser2 command, I get the following:
>> [EMAIL PROTECTED]: userPassword.
>
>I had this problem too. The answer is actually in the docs (install-auth),
>but it can take days before you find it :( The whole authentication
>business is pretty badly documented, IMHO.
>
>use
>
> sasl_pwcheck_method: auxprop
>
>in imapd.conf (which is the default) and both imtest and cyradm
>should use sasldb2.
>
>Rob Urban
>
>
Re: cyradm authentication error
Kevin Williams wrote:

> My imapd.conf file looks as follows:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> sasl_pwcheck_method: saslauthd
>
> I can successfully authenticate using the imtest command. When I
> tried to use cyradm, I originally got a "can't locat
> Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think)
> folders from the folder they were installed in (/user/local/lib
> instead of /user/lib) to be included in the path. Now when I run
> cyradm, the program just hangs and I get the following error in my
> imapd.log file:
>
> badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure:
> client response doesn't match what we generated].
>
> When I enter the sasldblistuser2 command, I get the following:
> [EMAIL PROTECTED]: userPassword.

I had this problem too. The answer is actually in the docs (install-auth), but it can take days before you find it :( The whole authentication business is pretty badly documented, IMHO.

use

sasl_pwcheck_method: auxprop

in imapd.conf (which is the default) and both imtest and cyradm should use sasldb2.

Rob Urban
cyradm authentication error
All,

I'm hoping someone can help me with this issue. I have a new install with Redhat 8.0. I used the sasl RPM 2.1.7-2. I downloaded and installed cyrus imap version 2.1.12.

My imapd.conf file looks as follows:

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: saslauthd

I can successfully authenticate using the imtest command. When I tried to use cyradm, I originally got a "can't locat Cyrus/IMAP/Shell.pm in @INC. I moved all necessary (I think) folders from the folder they were installed in (/user/local/lib instead of /user/lib) to be included in the path. Now when I run cyradm, the program just hangs and I get the following error in my imapd.log file:

badlogin: web01[127.0.0.1] DOGEST-MD% [SASL(-13): authentication failure: client response doesn't match what we generated].

When I enter the sasldblistuser2 command, I get the following:

[EMAIL PROTECTED]: userPassword.

Would someone PLEASE help me with this problem? I noticed a couple other postings with this error message, but no responses.

Thank you,

Kevin Williams
Re: strange authentication error
At 2:20 PM -0500 12/3/2002, Rob Siemborski wrote:

> I suspect you're trying to use one of the non plaintext mechanisms.
>
> What mechanisms are offered when you connect using imtest?

Digest-MD5. The transcript is below. If I add the line like you suggested, I still get the generic failure and the log message about failing to open the DB file.

Any other ideas? Thanks.

mlilback@tcore$./imtest -u mailadmin localhost
S: * OK mail.rtlabs.com Cyrus IMAP4 v2.1.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + bm9uY2U9Ik1YRjdrR3hnVURNUG0zTDNTdFF5UnVDVlRGRDYxRU1QUWtaWW0vSmxZTTQ9IixyZWFsbT0ibWFpbC5ydGxhYnMuY29tIixxb3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0IixtYXhidWY9NDA5NixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
Please enter your password:
C: dXNlcm5hbWU9Im1saWxiYWNrIixyZWFsbT0ibWFpbC5ydGxhYnMuY29tIixhdXRoemlkPSJtYWlsYWRtaW4iLG5vbmNlPSJNWEY3a0d4Z1VETVBtM0wzU3RReVJ1Q1ZURkQ2MUVNUFFrWlltL0psWU00PSIsY25vbmNlPSJSbXlDNldIZE55d3RVU29ZajBOSDBVUUFHYURLbkRSdnlOZUhUdHNNSFV3PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9InJjNCIsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9sb2NhbGhvc3QiLHJlc3BvbnNlPTFmYzJkODc4NGRmOGYxOTY4YjkwYzA1NjcyZGVhYWNj
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 128

--
Mark J. Lilback
<[EMAIL PROTECTED]>
http://www.lilback.com/

"They that can give up essential liberty
to obtain a little temporary safety
deserve neither liberty or safety."
-- Benjamin Franklin
Re: strange authentication error
On Tue, 3 Dec 2002, Mark J. Lilback wrote:

> At 2:20 PM -0500 12/3/2002, Rob Siemborski wrote:
> >I suspect you're trying to use one of the non plaintext mechanisms.
> >
> >What mechanisms are offered when you connect using imtest?
>
> Digest-MD5. The transcript is below. If I add the line like you
> suggested, I still get the generic failure and the log message about
> failing to open the DB file.

Well, DIGEST won't work with saslauthd, so there you go.

Presumably the database error has to do with the fact that you don't have a sasldb, since you're not using it ;)

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: strange authentication error
I suspect you're trying to use one of the non plaintext mechanisms.

What mechanisms are offered when you connect using imtest?

The probable solution is to add a line to imapd.conf like:

sasl_mech_list: PLAIN LOGIN

-Rob

On Tue, 3 Dec 2002, Mark J. Lilback wrote:

> Hi. I'm running in to a strange authentication problem and was hoping
> someone could point me in the right direction.
>
> I've configured cyrus-imapd-2.1.10 on a Solaris 8 box, along with
> cyrus-sasl-2.1.9.
>
> My imap.conf contains the following lines related to authentication:
> admins: mailadmin
> sasl_pwcheck_method: saslauthd
>
>
> I've started saslauthd as "saslauthd -a pam".
>
> I then run "cyradm --user=mailadmin localhost" and enter the
> password. I get a "cannot authenticate to server" message.
>
> In /var/adm/messages the following gets logged:
> imapd[7811]: [ID 702911 auth.error] unable to open Berkeley db no: No
> such file or directory
>
> The message used to read "/etc/sasldb2" instead of "no" before I
> recompiled sasl with --without-dbpath.
>
> Why is imapd trying to read the sasldb2 file instead of using
> saslauthd and pam?
>
> Also, I've set CYRUS_VERBOSE=1 in my environment and run master with
> the -D option and nothing ever gets output to my terminal. I've tried
> higher numbers, too. Isn't that supposed to provide debugging
> information?
>
> Thanks.
>
> --
> Mark J. Lilback
> <[EMAIL PROTECTED]>
> http://www.lilback.com/
>
> "They that can give up essential liberty
> to obtain a little temporary safety
> deserve neither liberty or safety."
> -- Benjamin Franklin
>
>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
strange authentication error
Hi. I'm running in to a strange authentication problem and was hoping someone could point me in the right direction.

I've configured cyrus-imapd-2.1.10 on a Solaris 8 box, along with cyrus-sasl-2.1.9.

My imap.conf contains the following lines related to authentication:

admins: mailadmin
sasl_pwcheck_method: saslauthd

I've started saslauthd as "saslauthd -a pam".

I then run "cyradm --user=mailadmin localhost" and enter the password. I get a "cannot authenticate to server" message.

In /var/adm/messages the following gets logged:

imapd[7811]: [ID 702911 auth.error] unable to open Berkeley db no: No such file or directory

The message used to read "/etc/sasldb2" instead of "no" before I recompiled sasl with --without-dbpath.

Why is imapd trying to read the sasldb2 file instead of using saslauthd and pam?

Also, I've set CYRUS_VERBOSE=1 in my environment and run master with the -D option and nothing ever gets output to my terminal. I've tried higher numbers, too. Isn't that supposed to provide debugging information?

Thanks.

--
Mark J. Lilback
<[EMAIL PROTECTED]>
http://www.lilback.com/

"They that can give up essential liberty
to obtain a little temporary safety
deserve neither liberty or safety."
-- Benjamin Franklin
Re: Authentication error with sieveshell
Nicolas Bonnefon wrote:

>
> I use Cyrus 2.0.16 with Digest-MD5 SASL authentication on my Linux server
> and it works well. But when I try to use sieveshell :
>
> $ sieveshell -u nicko -a nicko outerspace
> connecting to outerspace
> Please enter your password: x
> unable to connect to server: Authentication error at /usr/bin/sieveshell
> line 149, line 1.
>
> I can successfully telnet to my server :
> $ telnet outerspace sieve
> Trying 127.0.0.1...
> Connected to outerspace.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v1.0.0"
> "SASL" "PLAIN LOGIN DIGEST-MD5 CRAM-MD5"
> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> regex" OK
>
> The 'sieveshell' perl script use a $acapserver variable. Is the sieve
> server related to acapd ? May I have acapd running on the box ?

IIRC the problem with sieveshell is that you can not set the auth mech like with cyradm. So I had to put this into my imapd.conf:

sasl_mech_list: PLAIN

I'm using cyrus 2.1.3 but I think it's the same.

Simon

>
> My imapd.conf is very simple :
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> sieveusehomedir: no
> sasl_pwcheck_method: sasldb
>
> I checked the archives and found related topics but no answer, has anybody
> got an idea ???
>
> Thanks
>
> --
> Nicolas Bonnefon
Authentication error with sieveshell
I use Cyrus 2.0.16 with Digest-MD5 SASL authentication on my Linux server and it works well. But when I try to use sieveshell :

$ sieveshell -u nicko -a nicko outerspace
connecting to outerspace
Please enter your password: x
unable to connect to server: Authentication error at /usr/bin/sieveshell line 149, line 1.

I can successfully telnet to my server :

$ telnet outerspace sieve
Trying 127.0.0.1...
Connected to outerspace.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v1.0.0"
"SASL" "PLAIN LOGIN DIGEST-MD5 CRAM-MD5"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex"
OK

The 'sieveshell' perl script use a $acapserver variable. Is the sieve server related to acapd ? May I have acapd running on the box ?

My imapd.conf is very simple :

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
sieveusehomedir: no
sasl_pwcheck_method: sasldb

I checked the archives and found related topics but no answer, has anybody got an idea ???

Thanks

--
Nicolas Bonnefon
Authentication Error
Hello Mailinglist-User,

I login as user "cyrus" and input "cyradm localhost" to get the opportunity to administrate the server. Then I made an "auth cyrus", but the program aborted currently with the following error message:

perl: digestmd5.c:1423: privacy_encode: Zusicherung »text->maxbuf > 0« nicht erfüllt.
Abgebrochen

-> this is German, in English:

perl: digestmd5.c:1423: privacy_encode: assurance »text->maxbuf > 0« not comply.
Aborted.

Is someone able to help me? I know that I'm not the only one having this problem.

Thanks...

Marcel Karras
Re: Cyrus Authentication error
Result of tail /var/log/messages

[root@ms1 /root]# tail /var/log/messages
Feb 26 23:10:00 ms1 CROND[1886]: (root) CMD ( /sbin/rmmod -as)
Feb 26 23:20:00 ms1 CROND[1888]: (root) CMD ( /sbin/rmmod -as)
Feb 26 23:23:45 ms1 named[549]: Cleaned cache of 0 RRsets
Feb 26 23:23:45 ms1 named[549]: USAGE 983251425 983179425 CPU=0.01u/0s CHILDCP 0u/0s
Feb 26 23:23:45 ms1 named[549]: NSTATS 983251425 983179425
Feb 26 23:23:45 ms1 named[549]: XSTATS 983251425 983179425 RR=1 RNXD=0 RFwdR=0 DupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=0 SFwdQ=0 S pQ=0 SErr=0 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 NXD=0 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
Feb 26 23:24:10 ms1 rhnsd[1892]: running program /usr/sbin/rhn_check
Feb 26 23:24:10 ms1 rhnsd[914]: command returned: Traceback (innermost last): File "/usr/sbin/rhn_check", line 342, in ? action = server.queue.get(up2da .getSystemId()) File "/usr/lib/python1.5/site-packages/xmlrpclib.py", line 5 , in __call__ return self.__send(self.__name, args) File "/usr/lib/pytho .5/site-packages/xmlrpclib.py", line 631, in __request request File "/us lib/python1.5/site-packages/xmlrpclib.py", line 548, in request headers, f = req.send_http(host, proxy, handler, self.__type) File "/usr/lib/python1.5/ te-packages/cgiwrap.py", line 437, in send_http h = myHTTPS(host, port, se .__ca_chain) File "/usr/lib/python1.5/site-packages/cgiwrap.py", line 127, i __init__ httplib.HTTPS.__init__(self, host, port, cachain) File "/usr/li python1.5/httplib.py", line 214, in __init__ HTTP.__init__(self, host, por File "/usr/lib/python1.5/httplib.py", line 53, in __init__ if host: sel connect(host, port) File "/usr/lib/python1.5/site-packages/c
Feb 26 23:30:00 ms1 CROND[1894]: (root) CMD ( /sbin/rmmod -as)
Feb 26 23:32:22 ms1 ctl_mboxlist[1895]: checkpointing mboxlist

result of tail /var/adm/auth.log

I have no /var/adm/lauth.log only a /var/log/auth.log and that is empty

result of /car/adm/imap.log

and no imap.log either

By the way, is there an IRC channel for any of the mailing list members? I would really appreciate talking to someone real time about this, it's really driving me nuts and I'm getting really desperate to get this to work, it's taken two frustrating months to get to this impasse.

TIA

James

Pascal Pucci wrote:

> Hi,
>
> > Okay, I've tried everything under the sun, but for some reason I can never get the authentication to work
> > properly. Does anyone see into this error message? Any help would keep me from jumping off the nearest bridge!
>
> Result of :
>
> tail /var/log/messages
> tail /var/adm/auth.log
> tail /var/adm/imap.log
>
> Which authentication ?
> --
> Pascal Pucci : [EMAIL PROTECTED]
> Recommend a site to your friends: http://www.BeeTell.com
> Take part in promoting free software: http://www.linuxpien.org
> http://www.pascalou.org, on mobile: [EMAIL PROTECTED]
Re: Cyrus Authentication error
Hi,

> Okay, I've tried everything under the sun, but for some reason I can never get the authentication to work
> properly. Does anyone see into this error message? Any help would keep me from jumping off the nearest bridge!

Result of :

tail /var/log/messages
tail /var/adm/auth.log
tail /var/adm/imap.log

Which authentication ?

--
Pascal Pucci : [EMAIL PROTECTED]
Recommend a site to your friends: http://www.BeeTell.com
Take part in promoting free software: http://www.linuxpien.org
http://www.pascalou.org, on mobile: [EMAIL PROTECTED]
Cyrus Authentication error
>/usr/local/bin/imtest -m login ms1.usishealth.com
C: CO1 CAPABILITY
S: * OK ms1.usishealth Cyrus IMAP4 v.2.0.12 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL + NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDERSUBJECT THREAD=REFERENCES IDLE
S: CO1 OK Completed
Password: ***
C: L01 LOGIN root {8}
+ go ahead
C: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

Okay, I've tried everything under the sun, but for some reason I can never get the authentication to work properly. Does anyone see into this error message? Any help would keep me from jumping off the nearest bridge!

James