Hello, I have a problem with a new installation. I've been trying to sort this for several days now without any luck so post here in the hope for a solution. I have a server, currently running 2.4.7 and all is well (and has been for a very long time). I am trying to build a new server with 2.4.10 but I can't get anything to authenticate on it. In both cases the host is Arch Linux and both have exactly the same configuration files: Here is imapd.conf: configdirectory: /srv/mail/cyrus partition-default: /srv/mail/cyrus/mail admins: cyrus sasl_pwcheck_method: saslauthd sasl_saslauthd_path: /var/run/saslauthd/mux allowplaintext: yes altnamespace: yes unixhierarchysep: yes virtdomains: userid defaultdomain: mydomain.com hashimapspool: true I know it's reading the correct file because I can force an error by temporarily corrupting it: Aug 5 21:44:14 localhost master[407]: invalid option name on line 1 of configuration file /etc/cyrus/imapd.conf Aug 5 21:44:14 localhost master[407]: exiting Firstly, saslauthd is running to use PAM for authentication and on both boxes I have tested this works using "testsaslauthd" getting identical results on both cases. ( in both cases the test was "testsaslauthd -u cyrus -p cyruspw -f /var/run/saslauthd/mux" and the result was "0: OK "Success."") Both boxes have the same sasl package, installed from the ArchLinux repository: # saslauthd -v saslauthd 2.1.23 authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap I try "imtest -a cyrus" on each box. On the 2.4.7 box it prompts for a password, which I enter, and I am told it is "Authenticated". On the 2.4.10 box it does not prompt for a password but just returns " Authentication failed. generic failure" The log shows it is trying to use GSSAPI despite my saslauthd configuration: Aug 5 21:41:11 localhost imtest: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found) If I put "sasl_mech_list: PLAIN" into imapd.conf and retry "imtest -a cyrus" on the 2.4.10 box I do get a password prompt but it still errors: The log then shows: Aug 5 21:46:10 localhost imap[491]: badlogin: localhost.localdomain [::1] PLAIN [SASL(-1): generic failure: Password verification failed] I also tried using telnet. On the 2.4.7 box it authenticates fine. On the 2.4.10 box I get "Login failed: generic failure" I tried using imtest from the new box to access the old box (imtest -a cyrus -m PLAIN old-box) and it authenticates: # imtest -a cyrus -m PLAIN 10.0.200.6 S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=OTP AUTH=CRAM-MD5 AUTH=GSSAPI AUTH=LOGIN AUTH=DIGEST-MD5 SASL-IR] carbon Cyrus IMAP v2.4.7 server ready Please enter your password: C: A01 AUTHENTICATE PLAIN AGN5cnVzAGd1aW5uZXNz S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) Authenticated. Security strength factor: 0 I tried using imtest from the old box to access the new box (imtest -a cyrus -m PLAIN new-box). This prompts for a password but returns "Authentication failed. generic failure" # imtest -a cyrus -m PLAIN 10.0.200.6 S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=OTP AUTH=CRAM-MD5 AUTH=GSSAPI AUTH=LOGIN AUTH=DIGEST-MD5 SASL-IR] carbon Cyrus IMAP v2.4.7 server ready Please enter your password: C: A01 AUTHENTICATE PLAIN AGN5cnVzAGd1aW5uZXNz S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (no protection) Authenticated. Security strength factor: 0 The log shows: Aug 5 22:02:54 localhost imap[733]: badlogin: [10.0.200.6] PLAIN [SASL(-1): generic failure: Password verification failed] I don't know what else to try. I have read and reread the documentation on cyrusimap.org for both Cyrus-IMAP and Cyrus SASL. The sasl tests are ok, imtest works from both boxes to connect to the 2.4.7 imapd but fails from both boxes when connecting to the 2.4.10 box. It appears to use saslauthd but for some reason isn't working. I would really appreciate some help. Thanks in advance. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
