What happens if you do --auth LOGIN instead of PLAIN?
PLAIN requires STARTTLS. The version of Cyrus you are using probably doesn't support STARTTLS with cyradm.
-Patrick
On Jul 27, 2006, at 8:57 AM, jocke khazad wrote:
Hello everyone!
I am trying to set up a mail server with postfix, cyrus-imap, cyrus-sasl, mysql, pam_mysql on Redhat Enterprise 4.
Everything seems to work OK except when I use cyradm to log in on my imap server.
root> cyradm --user cyrus --server localhost --auth plain
root>password: <---- this is where my maillog spits out an error message
( imap[2302]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required] )
root>IMAP password: <--- this checks against mysql and seems to work fine.. I get into my imap server after this.
Here is a paste of my maillog after I tried this.
Jul 26 09:28:50 mail56 imap[2302]: accepted connection
Jul 26 09:28:51 mail56 imap[2302]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
Jul 26 09:28:55 mail56 imap[2302]: login: localhost [127.0.0.1] cyrus plaintext User logged in
I've been on this, googling, reading, asking.. for a couple of weeks now and it starts to get on my nerves.
Can anyone give me a hint on what to do here?
A couple of notes:
1. postfix works fine, it also authenticates fine, I can send and receive mail
2. imap works, I can log in to my imap server from outlook express, and view my mails.
3. I tried to auth against sasldb with testsasl, and imtest. It works without any problems.
4. I probably read every post out there about this problem and no one gives a clear answer why this problem exists =)
If someone wants to explain to me why the first authentication is there, I would also be glad =)
cyradm --user cyrus --server localhost --auth plain
>password <----- why this one? what is it supposed to contact?
I've read that it's contacting sasldb2, but when I run saslauthd in debug mode I see nothing
>IMAP password <----- this one makes sense, it checks my mysql tables and this also works and lets me into my imap server, even though the first pw auth fails.
Here are a few of my confs
/etc/imapd.conf:
postmaster: postmaster
configdirectory: /var/lib/imap/
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: mail56
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
--------------------------------------------------------
/etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
--------------------------------------------------------
/etc/cyrus.conf
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
--------------------------------------------------------
Thank you all for reading and trying to help me with this!
/ Jocke
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
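
An added example, not part of the thread or of Cyrus itself: the maillog sequence quoted above (a PLAIN attempt refused with SASL(-16), then a "plaintext" login on the same imapd process) can be flagged by pairing lines on service and pid. The function name and the last sample line (a TLS login, assuming the "+TLS" suffix Cyrus appends to the mechanism) are constructed for illustration.

```python
import re
from collections import defaultdict

# First three lines are the maillog from the post (wrapped lines rejoined).
# The fourth is constructed: a TLS-protected login, assuming the "+TLS" suffix.
SAMPLE_LOG = """\
Jul 26 09:28:50 mail56 imap[2302]: accepted connection
Jul 26 09:28:51 mail56 imap[2302]: badlogin: localhost [127.0.0.1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
Jul 26 09:28:55 mail56 imap[2302]: login: localhost [127.0.0.1] cyrus plaintext User logged in
Jul 26 09:30:02 mail56 imap[2310]: login: localhost [127.0.0.1] cyrus plaintext+TLS User logged in
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
                  r"(?P<svc>\w+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
BADLOGIN = re.compile(r"^badlogin: \S+ \[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
                      r"\[SASL\((?P<code>-?\d+)\): (?P<why>[^\]]*)\]")
LOGIN = re.compile(r"^login: \S+ \[(?P<ip>[^\]]+)\] (?P<user>\S+) "
                   r"(?P<mech>\S+) User logged in")

# Mechanisms that put the password itself on the wire.
CLEARTEXT_MECHS = {"plaintext", "plain", "login"}


def find_cleartext_logins(log_text):
    """Return one finding per successful login that sent a password without TLS."""
    refused = defaultdict(list)  # (service, pid) -> mechanisms refused with SASL(-16)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["svc"], m["pid"])
        bad = BADLOGIN.match(m["msg"])
        if bad and bad["code"] == "-16":  # SASL_ENCRYPT: mechanism needs encryption
            refused[key].append(bad["mech"])
            continue
        ok = LOGIN.match(m["msg"])
        if not ok:
            continue
        mech, _, layer = ok["mech"].partition("+")
        if mech.lower() in CLEARTEXT_MECHS and layer != "TLS":
            findings.append({
                "time": m["ts"], "user": ok["user"], "client": ok["ip"],
                "service": m["svc"], "pid": m["pid"],
                # Non-empty when the client fell back after a refused SASL attempt.
                "fallback_after": list(refused.get(key, [])),
            })
    return findings
```

Run over the sample, it reports only the 09:28:55 login by cyrus, with PLAIN recorded as the mechanism that was refused first on that connection.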