----------------------------------------
> CC: info-cyrus@xxxxxxxxxxxxxxxxxxxx
> From: wes@xxxxxxxxx
> Subject: Re: IMAPD "Authentication failed. generic failure"
> Date: Mon, 17 Mar 2008 18:00:28 -0400
> To: day1234@xxxxxxxxxxx
>
> First failure:
>
> On 17 Mar 2008, at 17:18, J.J. Day wrote:
>> C: A01 AUTHENTICATE PLAIN
>> S: A01 NO no mechanism available
>
>> Mar 17 14:34:11 dc-mail imaps[5423]: badlogin: dc-mail.training.int
>> [192.168.251.3] PLAIN [SASL(-4): no mechanism available: Couldn't
>> find mech PLAIN]
>
> PLAIN authN wasn't an option. Presumably you get this error because
> you haven't allowed plain text authN and aren't using TLS.
>
> Second failure:
>
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID ACL RIGHTS=kxte QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
>> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
>> S: C01 OK Completed
>> Please enter your password:
>> C: L01 LOGIN cyrus {5}
>> S: + go ahead
>> C:
>> S: L01 NO Login failed: authentication failure
>
>> Mar 17 14:44:45 dc-mail imap[5444]: badlogin: localhost [127.0.0.1]
>> plaintext cyrus SASL(-13): user not found: checkpass failed
>
>
> This implies that you typed the password wrong, which is always
> possible :) I'd probably examine your SASL auxprop configs, tho,
> since imap complains that it can't find your auxprop plugin.
>
Okay!!
Still not able to log in but found part of the problem. The permissions on the symlnk from /usr/lib/sasl2 -> /usr/local/lib/sasl2 were 700. Changed to 755 and now get a more reasonable capabilities list:
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] D-Y-C Mail Server Cyrus IMAP4 v2.3.11 server ready
But imapd.log now shows "user not found":
Mar 17 20:19:38 dc-mail master[6032]: about to exec /usr/local/cyrus/bin/imapd
Mar 17 20:19:39 dc-mail imap[6032]: executed
Mar 17 20:19:39 dc-mail imap[6032]: accepted connection
Mar 17 20:19:39 dc-mail imap[6032]: TLS server engine: cannot load CA data
Mar 17 20:19:39 dc-mail imap[6032]: TLS server engine: No CA file specified. Client side certs may not work
Mar 17 20:19:39 dc-mail imap[6032]: mystore: starting txn 2147483673
Mar 17 20:19:39 dc-mail imap[6032]: mystore: committing txn 2147483673
Mar 17 20:19:39 dc-mail imap[6032]: SSL_accept() succeeded -> done
Mar 17 20:19:39 dc-mail imap[6032]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Mar 17 20:19:39 dc-mail imap[6032]: badlogin: localhost [127.0.0.1] plaintext cyrus SASL(-13): user not found: checkpass failed
Mar 17 20:21:34 dc-mail master[5399]: process 6032 exited, status 0
FWIW;
[root@dc-mail ~]# sasldblistusers2
cyrus@xxxxxxxxxxxxxxxxxxxx: userPassword
root@xxxxxxxxxxxxxxxxxxxx: userPassword
[root@dc-mail ~]#
But when I delete a listed user, I still get the auth.log message:
Mar 17 20:29:58 dc-mail saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
> :wes
>
> ps I think servername: ought to be something in DNS, i.e., "D-Y-C
> Mail Server" is a poor choice.
Isn't this just a descriptive clause for user identification?
lib/sasl2 listing is:
=======================
[root@dc-mail ~]# ls /usr/lib/sasl2
lrwxr-xr-x 1 root wheel 20 Mar 13 19:33 /usr/lib/sasl2@ -> /usr/local/lib/sasl2
[root@dc-mail ~]# ls /usr/lib/sasl2/
total 304
drwxr-xr-x 2 root wheel 1024 Mar 15 22:20 ./
drwxr-xr-x 8 root wheel 1536 Mar 15 22:43 ../
-rw-r--r-- 1 root wheel 11656 Mar 15 22:20 libanonymous.a
-rwxr-xr-x 1 root wheel 829 Mar 15 22:20 libanonymous.la*
lrwx------ 1 root wheel 17 Mar 15 22:20 libanonymous.so@ -> libanonymous.so.2
-rwxr-xr-x 1 root wheel 14883 Mar 15 22:20 libanonymous.so.2*
-rw-r--r-- 1 root wheel 13782 Mar 15 22:20 libcrammd5.a
-rwxr-xr-x 1 root wheel 815 Mar 15 22:20 libcrammd5.la*
lrwx------ 1 root wheel 15 Mar 15 22:20 libcrammd5.so@ -> libcrammd5.so.2
-rwxr-xr-x 1 root wheel 17088 Mar 15 22:20 libcrammd5.so.2*
-rw-r--r-- 1 root wheel 42180 Mar 15 22:20 libdigestmd5.a
-rwxr-xr-x 1 root wheel 838 Mar 15 22:20 libdigestmd5.la*
lrwx------ 1 root wheel 17 Mar 15 22:20 libdigestmd5.so@ -> libdigestmd5.so.2
-rwxr-xr-x 1 root wheel 44585 Mar 15 22:20 libdigestmd5.so.2*
-rw-r--r-- 1 root wheel 20328 Mar 15 22:20 libgssapiv2.a
-rwxr-xr-x 1 root wheel 891 Mar 15 22:20 libgssapiv2.la*
lrwx------ 1 root wheel 16 Mar 15 22:20 libgssapiv2.so@ -> libgssapiv2.so.2
-rwxr-xr-x 1 root wheel 24478 Mar 15 22:20 libgssapiv2.so.2*
-rw-r--r-- 1 root wheel 11858 Mar 15 22:20 liblogin.a
-rwxr-xr-x 1 root wheel 809 Mar 15 22:20 liblogin.la*
lrwx------ 1 root wheel 13 Mar 15 22:20 liblogin.so@ -> liblogin.so.2
-rwxr-xr-x 1 root wheel 15118 Mar 15 22:20 liblogin.so.2*
-rw-r--r-- 1 root wheel 11986 Mar 15 22:20 libplain.a
-rwxr-xr-x 1 root wheel 809 Mar 15 22:20 libplain.la*
lrwx------ 1 root wheel 13 Mar 15 22:20 libplain.so@ -> libplain.so.2
-rwxr-xr-x 1 root wheel 15112 Mar 15 22:20 libplain.so.2*
-rw-r--r-- 1 root wheel 18660 Mar 15 22:20 libsasldb.a
-rwxr-xr-x 1 root wheel 851 Mar 15 22:20 libsasldb.la*
lrwx------ 1 root wheel 14 Mar 15 22:20 libsasldb.so@ -> libsasldb.so.2
-rwxr-xr-x 1 root wheel 19613 Mar 15 22:20 libsasldb.so.2*
[root@dc-mail ~]#
_________________________________________________________________
Helping your favorite cause is as easy as instant messaging. You IM, we give.
http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
