I am now able to connect using imtest and authenticate using sasldb2 from
both localhost and elsewhere.

1 - In imapd.conf insert the line: "virtdomains: userid".
2 - In the imtest command use: -a user@mydomain

NOTE imtest -a user -r mydomain does NOT work.

I have to remove the defaultdomain: line from imapd.conf, otherwise imtest
from another host fails.

In the above, mydomain has absolutely nothing to do with network domains. It
is simply an additional grouping identifier "REALM" to be used in the auth
database lookup process.

For example:

[root@imap-host ~]# saslpasswd2 -c test -u administration

and

[user@other-host ~]$ imtest -a test@administration imap-host

Authenticates just fine.

Charles Bradshaw

On: Mon, 21 Jan 2013 17:47:53 +0000, Charles Bradshaw wrote
> I am seeing an authentication problem when using imtest. I have
> cyrus-imapd-utils-2.4.14-1.fc17.i686
>
> The imtest man page says the -r switch specifies the 'realm', but -r
> does not seem to work.
>
> I used:
> [root@imap-server ~]# saslpasswd2 user
> Password ...
> and
> [root@imap-server ~]# saslpasswd2 cyrus
> ...
> Which puts cyrus@imap-host.mydomain and user@imap-host@mydomain into
> /etc/sasldb2
>
> Now:
> $ imtest -s -a cyrus localhost
> Authenticates.
>
> But
> $ imtest -s -a cyrus imap-host
> $ imtest -s -a cyrus -r imap-host.mydomain imap-host
>
> From another host fails with:
> "Authentication failed. generic failure"
>
> On the other hand:
> $ imtest -s -a user localhost
> $ imtest -s -a user
> BOTH authenticate, but are pointless because I need to authenticate
> for other, different, realms.
>
> If instead I use:
> [root@imap-server ~]# saslpasswd2 -u mydomain user
> Password ...
> That is, specify the (badly named 'domain') realm for sasldb2. Now:
> $ imtest -s -a user -r mydomain localhost
> $ imtest -s -a user -r mydomain imap-host
>
> Both produce "Authentication failed. generic failure"
>
> The /var/log/maillog messages are equally unhelpful:
>
> Jan 21 17:39:21 imap-host imaps[5610]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>
> Jan 21 17:39:48 imap-host imaps[5610]: badlogin: localhost [::1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
>
> Obviously I missed some 'realm' configuration for cyrus-imapd or
> don't understand how to use -u realm for saslpasswd2 or the -r realm
> parameter for imtest!
>
> I think I understood saslpasswd -u realm because I have realms
> working for sendmail using saslauthd.
>
> What am I doing wrong?
>
> # cat /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
> sasl_auxprop_plugin:sasldb
> #allowplaintext: no
> #defaultdomain: mail
> #loginrealms: mydomain
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
> I tried loginrealms: mydomain without success!
>
> The localhost test FQDN is imap-host.mydomain and my DNS works.
> ie '$ host imap-host' produces imap-host.mydomain has address 192.168.#.#
>
> Thanks in advance, Charles Bradshaw
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
------- End of Original Message -------
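
Added example, not part of the original post and not Cyrus code: a small Python triage of SASL badlogin lines in the maillog format quoted above. It separates "no secret in database" failures (no sasldb2 entry was found for the identity looked up, as with the user/realm mismatch in the post) from other SASL failures. The sample log is constructed around the two lines from the post; other-host.example and 192.0.2.10 are placeholder values, and only the SASL form of badlogin shown in the post is parsed.

```python
import re
from collections import Counter

# Constructed sample; the first two lines are the ones quoted in the post.
SAMPLE_LOG = """\
Jan 21 17:39:21 imap-host imaps[5610]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan 21 17:39:48 imap-host imaps[5610]: badlogin: localhost [::1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Jan 21 17:41:02 imap-host imaps[5611]: badlogin: other-host.example [192.0.2.10] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Jan 21 17:42:15 imap-host imaps[5612]: badlogin: other-host.example [192.0.2.10] CRAM-MD5 [SASL(-13): authentication failure: incorrect digest response]
"""

# badlogin: <client host> [<client addr>] <mechanism> [SASL(<code>): <reason>]
BADLOGIN = re.compile(
    r"(?P<service>\w+)\[(?P<pid>\d+)\]: badlogin: "
    r"(?P<host>\S+) \[(?P<addr>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<reason>[^\]]*)\]"
)


def parse_badlogins(text):
    """Return one dict per SASL badlogin line; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BADLOGIN.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["code"] = int(ev["code"])
        # No stored secret for the identity that was looked up: check the
        # user/realm pair in sasldb2 before suspecting a wrong password.
        ev["missing_identity"] = "no secret in database" in ev["reason"]
        events.append(ev)
    return events


def summarize(events):
    """Count failures per (client address, mechanism, reason)."""
    return Counter((e["addr"], e["mech"], e["reason"]) for e in events)


if __name__ == "__main__":
    for (addr, mech, reason), n in summarize(parse_badlogins(SAMPLE_LOG)).items():
        print(f"{n:3d}  {addr:<12} {mech:<11} {reason}")
```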