Re: pam+cyrus failed to authenticate

From: sam wun (sam dot wun at authtec dot net)
Date: Tue Nov 16 2004 - 03:13:37 EST

  • Next message: Jack: "encrypted pw vs. plaintext pw."

    Simon Matter wrote:

    >>Hi,
    >>
    >>I got cyrus-imap2.2 and cyrus-sasl2.1.20 with saslauthd2 compiled in
    >>FreeBSD 5.3.
    >>I can successfully login with the following cyradm command:
    >># cyradm -u cyrus --server gateway.mydom.com --auth plain
    >>Password:
    >>IMAP Password:
    >> gateway.mydom.com>
    >>The log corresponding to the above cyradm command is:
    >>
    >>Nov 16 06:06:43 gateway imap[73636]: badlogin: gateway.mydom.com
    >>[192.168.4.88] PLAIN [SASL(-16): encryption needed to use mechanism:
    >>security flags do not match required]
    >>Nov 16 06:06:46 gateway perl: No worthy mechs found
    >>Nov 16 06:06:50 gateway imap[73636]: login: gateway.mydom.com
    >>[192.168.4.88] cyrus plaintext User logged in
    >>
    >>I can see there is some problem here even though cyradm login
    >>successfully, but the second log message indicated that cyrus is logged
    >>in.
    >>Then, I also added bob at mydom dot com user account using the cyradm admin
    >>shell.
    >>
    >>I further test the cyrus server by adding user at domain dot com to the
    >>imap.password file:
    >>pwadd -a bob at mydom dot com
    >>
    >>
    >
    >I'm not sure this will work. IIRC with pam you have to use 'saslauth
    >-r' to make it not remove everything behind @.
    >
    >
    Thanks, it works from external mail client (mozilla).
    The log msg is:
    Nov 16 07:32:06 gateway imap[73957]: login: [192.168.4.235]
    abc dot xyz at mydom dot com plaintext User logged in

    But the following imtest command failed when I test it in the gateway as
    root:
    imtest -m plaintext -v -a bob at mydom dot com
    The error log is:
    Nov 16 07:30:17 gateway imap[73953]: badlogin: localhost.mydom.com [::1]
    PLAIN [SASL(-16): encryption needed to use mechanism: security flags do
    not match required]

    Thanks
    Sam

    >Simon
    >
    >
    >
    >># cat imap.passwd
    >>abc dot xyz at mydom dot com:$1$OxTrXXu7$SPv0UCpp4BuyFGy6uQkBn1
    >>cyrus:$1$EUHsnXCc$qpuk26X8VPQnIifMbnap6.
    >>bob at mydom dot com:$1$3gb6Wviv$0zrfF91CdEd3IlI7c62QQ1
    >>
    >>But imtest failed with the following message:
    >>
    >>Nov 16 06:05:16 gateway saslauthd[73020]: user not found in password
    >>database
    >>Nov 16 06:05:16 gateway imap[73621]: badlogin: gateway.mydom.com
    >>[192.168.4.88] plaintext bob at mydom dot com SASL(-13): authentication
    >>failure: checkpass failed
    >>
    >>I searched google, but found not much useful information.
    >>Can anyone tell me how to fix this problem?
    >>
    >>I have saslauthd started with -a pam.
    >>imapd.conf is defined with the option:
    >>sasl_pwcheck_method: saslauthd
    >>
    >>Thanks
    >>Sam
    >>
    >>
    >>
    >>
    >
    >
    >
    >

    -- 
    Senior Security Architect/Consultant
    AuthTec Gateway Limited
    Mobile: +852 9839 2464	
    Email: sam dot wun at authtec dot net
    Website: http://www.authtec.com
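
A triage pass over the kinds of imapd log lines quoted in this thread, as an added example that is not part of the original message: it separates the SASL(-16) refusals from the SASL(-13) checkpass failure on a realm-qualified user and flags successful plaintext logins from non-loopback addresses. The sample log is constructed (placeholder hosts, addresses and users), and the function names and finding labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the syslog lines quoted in the thread (placeholder hosts/users).
SAMPLE_LOG = """\
Nov 16 06:05:16 gateway imap[73621]: badlogin: gateway.example.test [192.0.2.88] plaintext bob@example.test SASL(-13): authentication failure: checkpass failed
Nov 16 06:06:43 gateway imap[73636]: badlogin: gateway.example.test [192.0.2.88] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
Nov 16 06:06:50 gateway imap[73636]: login: gateway.example.test [192.0.2.88] cyrus plaintext User logged in
Nov 16 07:32:06 gateway imap[73957]: login: [192.0.2.235] abc.xyz@example.test plaintext User logged in
Nov 16 07:30:17 gateway imap[73953]: badlogin: localhost.example.test [::1] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]
"""

EVENT = re.compile(r"imap\[\d+\]: (?P<kind>badlogin|login): "
                   r"(?:\S+ )?\[(?P<ip>[^\]]+)\] (?P<rest>.*)$")
SASL = re.compile(r"SASL\((-?\d+)\):")

def parse_line(line):
    """Return a dict for one imapd login/badlogin line, else None."""
    m = EVENT.search(line)
    if not m:
        return None
    rest, code = m["rest"], None
    s = SASL.search(rest)
    if s:
        code, rest = int(s[1]), rest[:s.start()]
    words = rest.replace("[", " ").split()
    if len(words) < (2 if m["kind"] == "login" else 1):
        return None
    if m["kind"] == "login":          # "<user> <mech> User logged in"
        user, mech = words[0], words[1]
    else:                             # "<mech> [<user>] SASL(<code>): ..."
        mech, user = words[0], (words[1] if len(words) > 1 else None)
    return {"kind": m["kind"], "ip": m["ip"], "user": user,
            "mech": mech, "sasl_code": code}

def triage(ev):
    """Map one parsed event to a short finding label."""
    if ev["kind"] == "login":
        # Assumption: mechanism "plaintext" means no encryption layer was in use.
        cleartext = ev["mech"] == "plaintext" and not ipaddress.ip_address(ev["ip"]).is_loopback
        return "cleartext-login-over-network" if cleartext else "login"
    if ev["sasl_code"] == -16:        # "encryption needed to use mechanism"
        return "mechanism-refused-no-encryption"
    if ev["sasl_code"] == -13 and ev["user"] and "@" in ev["user"]:
        return "realm-user-auth-failure"   # the case 'saslauthd -r' was suggested for
    return "auth-failure"

def findings(log_text):
    return [(ev["ip"], ev["user"], triage(ev))
            for ev in filter(None, map(parse_line, log_text.splitlines()))]
```
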
    
