Re: Sieve authentication failure

2005-12-09 Thread Paul-Erik Törrönen 
On Mon, 2005-12-05 at 16:20 +0200, Paul-Erik Törrönen wrote:
> But sivtest fails:
> $ sivtest -a poltsi localhost
> S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4"
> S: "SASL" "PLAIN"
> S: "SIEVE" "fileinto reject envelope vacation imapflags notify
> subaddress relational comparator-i;ascii-numeric regex"
> S: "STARTTLS"
> S: OK
> Please enter your password: 
> C: AUTHENTICATE "PLAIN" {28+}
> 
> S: NO "Authentication Error"
> 
> As do sieveshell:
> 
> $ sieveshell -u poltsi -a poltsi localhost
> connecting to localhost
> Please enter your password: 
> unable to connect to server at /usr/bin/sieveshell line 169, 
> line 1.

Ok, I've gotten a step further, the sivtest works when I give the full
[EMAIL PROTECTED] in the -a parameter, but the same does not work with the
sieveshell, it barfs with the same error as above.

Any help?

Poltsi




Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Sieve authentication failure

2005-12-05 Thread Paul-Erik Törrönen 
Hello,

We have a problem similar to that described by Andrew Morgan, ie. sieve
(both sieveshell and sivtest) is not accepting the given password. The
difference is that we use the Cyrus-Imapd (2.2.12-6.fc4) provided by
FC4. We use LDAP and saslauthd is configured to validate the login
against it.

# testsaslauthd -u poltsi -p 
0: OK "Success."

Likewise using imtest (as user) works:

$ imtest 
WARNING: no hostname supplied, assuming localhost

S: * OK  Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-6.fc4 server
ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password: 
C: L01 LOGIN poltsi {11}
S: + go ahead
C: 
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
* BYE LOGOUT received
Q01 OK Completed
Connection closed.

But sivtest fails:

$ sivtest -a poltsi localhost
S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12-Invoca-RPM-2.2.12-6.fc4"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject envelope vacation imapflags notify
subaddress relational comparator-i;ascii-numeric regex"
S: "STARTTLS"
S: OK
Please enter your password: 
C: AUTHENTICATE "PLAIN" {28+}

S: NO "Authentication Error"

As do sieveshell:

$ sieveshell -u poltsi -a poltsi localhost
connecting to localhost
Please enter your password: 
unable to connect to server at /usr/bin/sieveshell line 169, 
line 1.

There is nothing helpful in /var/log/maillog:

Dec  5 13:53:24 mail sieve[14763]: executed
Dec  5 13:53:24 mail sieve[14763]: accepted connection
Dec  5 13:53:27 mail master[13998]: process 14763 exited, status 0

The /usr/lib/sasl2/libplain.so exists (provided by
cyrus-sasl-plain-2.1.20-5) and following a related discussion on SuSe
mailinglist¹ I checked that the required perl-modules also are
installed.

Of course users are able to log on cyrus-imapd normally to read and
manage their messages through IMAPS.

¹ http://lists.suse.com/archive/suse-linux-e/2005-Sep/1313.html

Running trace on the sieveshell command shows only a very brief
interaction with the timsieved:

(Reading the enter when giving the password)
14858 read(0, "\n", 4096)   = 1
14858 write(1, "\n", 1) = 1
14858 pipe([5, 6])  = 0
14858 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|
CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f03be8) = 14863
14858 close(6 
14863 close(5 
14858 <... close resumed> ) = 0
14863 <... close resumed> ) = 0
14858 rt_sigaction(SIGINT, {SIG_IGN},  
14863 fcntl64(6, F_SETFD, FD_CLOEXEC 
14858 <... rt_sigaction resumed> {SIG_DFL}, 8) = 0
14863 <... fcntl64 resumed> )   = 0
14858 rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
14858 waitpid(14863,  
14863 rt_sigaction(SIGFPE, {SIG_DFL}, {SIG_IGN}, 8) = 0
14863 execve("/usr/kerberos/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve("/usr/local/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = -1 ENOENT (No
such file or directory)
14863 execve("/bin/stty", ["stty",
"500:5:bf:8a3b:3:1c:7f:15:4:0:1:0"...], [/* 27 vars */]) = 0
14863 brk(0)= 0x8e35000
14863 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
14863 open("/etc/ld.so.cache", O_RDONLY) = 3
14863 fstat64(3, {st_mode=S_IFREG|0644, st_size=22331, ...}) = 0
14863 old_mmap(NULL, 22331, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f18000
14863 close(3)  = 0
14863 open("/lib/libc.so.6", O_RDONLY)  = 3
14863 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
\212N(\000"..., 512) = 512
14863 fstat64(3, {st_mode=S_IFREG|0755, st_size=1485672, ...}) = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f17000
14863 old_mmap(0x27, 1215452, PROT_READ|PROT_EXEC, MAP_PRIVATE|
MAP_DENYWRITE, 3, 0) = 0x27
14863 old_mmap(0x393000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x393000
14863 old_mmap(0x397000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x397000
14863 close(3)  = 0
14863 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0xb7f16000
14863 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f166c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
14863 mprotect(0x393000, 8192, PROT_READ) = 0
14863 mprotect(0x26c000, 4096, PROT_READ) = 0
14863 munmap(0xb7f18000, 22331) = 0
14863 brk(0)= 0x8e35000
14863 brk(0x8e56000)= 0x8e56000
14863 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
14863 fstat64(3, {st_mode=S_IFREG|064