On 02/03/11 14:18 -0800, Gary Smith wrote: >We have been using saslauth against pam_mysql for some time now with no >problems. To use it though we need to use the -r option for sasl, which >adds the realm to the username. I've been re-working some of my management >scripts so I can have a central server that issues the commands to the >remote cyrus servers. The problem is the cyrus administration accounts >can't seem to connect from remote hosts as the -r option for sasl adds the >hostname and using user@ connects but doesn't yield admin level privileges >even if added to the imapd.conf file. I don't think either the PLAIN or LOGIN mechanisms support passing a SASL realm value. Neither RFC 4616 or draft-murchison-sasl-login-xx.txt mention the word 'realm'. So the '-r' option for saslauthd probably doesn't have any effect for remote cyradm/imap connections, that I can see. >cyradm --user cyrus remotehost <-- yields invalid password >cyradm --user cyrus@ remotehost <-- can login but no access, even if both cyrus and cyrus@ are in the imapd.conf file What username do you see authenticated in syslog? I think that's the username you'll need to key off of for what goes into imapd.conf. >I also tried by assing a new user garycyrusadmin >cyradm --user garycyrusadmin remotehost <-- yields invalid password >cyradm --user garycyrusadmin @ remotehost <-- can login but no admin access, even if both cyrus and cyrus@ are in the imapd.conf file > >I also tested with one of my hosted email accounts >cyradm --user gary@xxxxxxxxxx remotehost <-- can login but no admin access, even if gary@xxxxxxxxxx is in imapd.conf file It's simpler to pass a domain name in the username field like that rather than trying to pass a sasl realm, which isn't consistently handled across the various sasl mechanisms. >Any advice on how to connect to the remote cyrus host with an admin >account? All of the scripts connect via imaps as well, which shouldn't >matter in this case. See the 'Administration' section of: http://www.cyrusimap.org/docs/cyrus-imapd/2.4.6/install-virtdomains.php -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
