Problem authenticating with sasl in jail

Mel Flynn mel.flynn+fbsd.questions at mailing.thruhere.net
Wed Jun 17 22:43:10 UTC 2009


On Wednesday 17 June 2009 13:58:22 Erik Norgaard wrote:
> Mel Flynn wrote:
> > On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote:
> >> I am migrating my imap server to a jail, I got the jail up and
> >> cyrus-imapd starts. I have copied configuration files from the current
> >> server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is
> >> running, yet when I try to login I get the error:
> >>
> >> IMAP Password:
> >>                Login failed: generic failure at
> >> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> >> cyradm: cannot authenticate to server with  as cyrus
> >
> >                                             ^^
> > Looks like there's something missing there. What should be at that spot
> > of the error message? Maybe a little context of line 120 in Admin.pm
> > would help, for us that use dovecot.
>
> The lines giving that error are in fact in Cyrus::IMAP::Shell.pm:
>
>      $cyradm->authenticate(-authz => $authz, -user => $auth,
>                            -mechanism => $mech, -password => $pw,
>                            -tlskey => $tlskey, -notls => $notls)
>        or die "cyradm: cannot authenticate to server with $mech as $auth\n";
>
> $mech is not defined, hence the missing word. I have tried running the
> script specifying a mechanism giving the same error, though some
> curious difference:
>
> jail# cyradm --user cyrus --auth plain 172.16.0.2
> Password:
> IMAP Password:
>                Login failed: authentication failure at
> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> cyradm: cannot authenticate to server with plain as cyrus
> jail# cyradm --user cyrus --auth login 172.16.0.2
> IMAP Password:
>                Login failed: authentication failure at
> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120
> cyradm: cannot authenticate to server with login as cyrus
>
> Looking again at the logs:
>
> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2]
> plaintext cyrus at example.com SASL(-13): user not found: checkpass failed
>
> The user cyrus exists, I can login and get shell access, but there may
> be something about the realm, that causes the user not to be found? But:

Any chance there's a minuserid in effect? dovecot doesn't allow logins from
user IDs <1000 by default. There may be a similar issue with Cyrus and it sounds
like something one would overlook.
It still is disturbing that no mechanisms are found. Are there maybe
leftovers in site_perl/5.8.9? Or do you have restrictions that only allow plain
logins when tls is in effect?
-- 
Mel
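
Added example, not part of either post above: a small parser for the plaintext "badlogin" syslog line quoted in the thread, which splits the login name from the realm and names the SASL result code. The code names are the ones defined in Cyrus SASL's sasl.h; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Result codes as named in Cyrus SASL's sasl.h (subset relevant to login failures).
SASL_CODES = {-1: "SASL_FAIL", -4: "SASL_NOMECH", -13: "SASL_BADAUTH",
              -14: "SASL_NOAUTHZ", -16: "SASL_ENCRYPT", -20: "SASL_NOUSER"}

# Matches the plaintext "badlogin" line format quoted in the thread.
# The list archive prints "@" as " at ", so both spellings are accepted.
BADLOGIN = re.compile(
    r"imap\[(?P<pid>\d+)\]: badlogin: (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"(?P<mech>\S+) (?P<user>\S+?)(?:(?:@| at )(?P<realm>\S+))? "
    r"SASL\((?P<code>-?\d+)\): (?P<detail>.*)$"
)

def parse_badlogin(line):
    """Return the fields of one badlogin line as a dict, or None if no match."""
    m = BADLOGIN.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["code_name"] = SASL_CODES.get(rec["code"], "UNKNOWN")
    return rec

def summarize(lines):
    """Count failures per (client IP, user, realm, SASL code name)."""
    counts = Counter()
    for line in lines:
        rec = parse_badlogin(line)
        if rec:
            counts[(rec["ip"], rec["user"], rec["realm"], rec["code_name"])] += 1
    return counts

# Sample input: the first line is the thread's log line unwrapped; the rest are constructed.
SAMPLE = [
    "Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2] "
    "plaintext cyrus at example.com SASL(-13): user not found: checkpass failed",
    "Jun 17 23:40:02 jail imap[8415]: badlogin: jail.example.com [172.16.0.2] "
    "plaintext cyrus@example.com SASL(-13): user not found: checkpass failed",
    "Jun 17 23:41:10 jail imap[8420]: badlogin: jail.example.com [172.16.0.2] "
    "plaintext cyrus SASL(-13): authentication failure: checkpass failed",
    "Jun 17 23:41:11 jail imap[8420]: accepted connection",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

On the thread's line this reports the user as "cyrus" with realm "example.com" and code -13 (SASL_BADAUTH), which makes it easy to see which realm the server attached to the login name.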

