You need to use tls as well for PLAIN to work. add -t "" to your
arguments
What mechanism do you want to use for connecting between backends? If
its PLAIN then you want
force_sasl_client_mech: PLAIN
in your imapd.conf file.
Otherwise, the machines will see GSSAPI advertised and will try using
that.
-Patrick
On Apr 20, 2006, at 5:19 PM, Perry Brown wrote:
Perry Brown wrote:
Thanks for the imtest idea.
It looks like I can log in OK.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m login -p imap
server2.sub2.domain.com
Force imtest to use one of the SASL mechanisms that are listed.
The backends *only* use SASL, not protocol specific login
commands (IMAP LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS).
I'm sorry I got my dounce cap on today or something.
Should I change the -m login to -m and one of the AUTH= values
from the CAPABILITY output?
ie -m GSSAPI? or digest-md5 etc...
Andy Morgan wrote:
Maybe "-m plain"?
thank you for the suggestion Andy but no luck.
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m plain -p imap
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0
I gave this a try with GSSAPI, and got nothing.
digest-md5,
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -m digest-md5
WARNING: no hostname supplied, assuming localhost
S: * OK server1.sub1.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-
IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S:
wkrnfjknf (etc list of characters)
Please enter your password: (I enter passwd for cyrus)
C: dXNlcm5h (another long list of characters)
S: A01 NO user not found
Authentication failed. generic failure
Security strength factor: 128
This is what I see in local6.log on server1.sub1
Apr 20 11:04:32 server1 imap[17729]: accepted connection
Apr 20 11:04:38 server1 imap[17729]: badlogin:
localhost.localdomain [127.0.0.1] DIGEST-MD5 [SASL(-13): user not
found: no secret in database]
This is in the auth.log
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db /
etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: unable to open Berkeley db /
etc/sasldb2: No such file or directory
Apr 20 11:06:26 server1 imap[15971]: no secret in database
cram-md5 got me pretty much the same thing.
Is there a cyrus or sasl command I should/can run to get the auth
for digest-md5 working?
Perry
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=GSSAPI AUTH=DIGEST-MD5
AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
CAPABILITY
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
