SASL 2.1.24 RC1 - no mechanism available: security flags do not match required

["Rosenbaum, Larry M." <rosenbaumlm@xxxxxxxx>]

I get the following when I try to run cyradm:

 

ornl71# cyradm localhost --tls

Password: (I enter the password here)

IMAP Password:  (I shouldn’t get this prompt)

 

The log file shows the following entries:

 

Sep 16 11:43:55 ornl71 imap[7466]: [ID 921384 local6.debug] accepted connection

Sep 16 11:43:55 ornl71 imap[7466]: [ID 286863 local6.notice] imapd:Loading hard-coded DH parameters

Sep 16 11:43:55 ornl71 imap[7466]: [ID 277171 local6.error] TLS server engine: No CA file specified. Client side certs may not work

Sep 16 11:43:55 ornl71 imap[7466]: [ID 574029 local6.debug] SSL_accept() incomplete -> wait

Sep 16 11:43:56 ornl71 imap[7466]: [ID 867439 local6.debug] SSL_accept() succeeded -> done

Sep 16 11:43:56 ornl71 imap[7466]: [ID 379946 local6.notice] starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication

Sep 16 11:44:02 ornl71 imap[7466]: [ID 824502 local6.notice] badlogin: localhost [127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags do not match required]

This doesn’t happen with v2.1.22.

 

When I connect with Thunderbird, the log files also show that it takes two login attempts, although Thunderbird only prompts me once.

 

Sep 16 14:07:01 ornl71 imap[7600]: [ID 379946 local6.notice] starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication

Sep 16 14:07:05 ornl71 imap[7600]: [ID 824502 local6.notice] badlogin: rosenbaumlm42.ornl.gov [160.91.217.127] plain [SASL(-4): no mechanism available: security flags do not match required]

Sep 16 14:07:08 ornl71 imap[7600]: [ID 277583 local6.notice] login: rosenbaumlm42.ornl.gov [160.91.217.127] lmr plaintext+TLS User logged in

 

name       : Cyrus IMAPD

version    : v2.3.15 2009/09/09 12:35:48

vendor     : Project Cyrus

support-url: http://cyrusimap.web.cmu.edu

os         : SunOS

os-version : 5.9

environment: Built w/Cyrus SASL 2.1.24

             Running w/Cyrus SASL 2.1.24

             Built w/Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)

             Running w/Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)

             Built w/OpenSSL 0.9.8j 07 Jan 2009

             Running w/OpenSSL 0.9.8j 07 Jan 2009

             Built w/zlib 1.2.3

             Running w/zlib 1.2.3

             CMU Sieve 2.3

             mmap = shared

             lock = fcntl

             nonblock = fcntl

             idle = idled

 

I built Cyrus-SASL with the following config:

 

CC=gcc ./configure \

  --disable-cram \

  --disable-digest \

  --disable-otp \

  --disable-krb4 \

  --disable-gssapi \

  --disable-anon \

  --enable-plain \

  --with-dblib=none \

  --with-openssl=/usr/local/ssl \

  --with-saslauthd=/var/saslauthd