Problem authenticating with sasl in jail
norgaard at locolomo.org
Thu Jun 18 05:51:06 UTC 2009
Mel Flynn wrote:
>> Looking again on the logs:
>> Jun 17 23:39:17 jail imap: badlogin: jail.example.com [172.16.0.2]
>> plaintext cyrus at example.com SASL(-13): user not found: checkpass failed
>> The user cyrus exists, I can login and get shell access, but there may
>> be something about the realm, that causes the user not to be found? But:
> Any chance there's a minuserid in effect? dovecot doesn't allow logins from
> user id's <1000 by default. There may be a similar issue with Cyrus and sounds
> like something one would overlook.
No, the cyrus user has the same uid and passwd in both jail and on host.
> It still is disturbing that no mechanisms are found. Are there maybe left
> overs in site_perl/5.8.9?
I recently (may) deinstalled all packages and upgraded everything, there
are nothing perlish that should cause such problems:
I have checked using cyradm to connect from the host to host, host to
jail, jail to host and jail to jail. In all cases, I can connect with
the imap instance on the host, but not in the jail.
> Or do you have restrictions that only allow plain
> logins when tls is in effect?
There are indeed:
However, this is the same configuration that I have on the host where
everything works fine.
It appears to be something with the realm, really: I did a bad login on
the working server just to see what goes on there (user games):
Jun 18 07:46:28 <local6.notice> alpha imap: badlogin:
jail.example.com [172.16.0.2] plaintext games SASL(-13): authentication
failure: checkpass failed
And just for comparison, a successful login:
Jun 18 07:39:54 <local6.notice> alpha imap: login:
jail.example.com [172.16.0.2] cyrus plaintext User logged in
Both where I connect out from the jail to the host.
Note there is no realm specified contrary to the log entries found in
thanks again, Erik
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
More information about the freebsd-questions