Problem authenticating with sasl in jail

Erik Norgaard norgaard at
Thu Jun 18 19:21:53 UTC 2009

Mel Flynn wrote:
> On Wednesday 17 June 2009 21:51:03 Erik Norgaard wrote:
>>>> Jun 17 23:39:17 jail imap[8412]: badlogin: []
>>>> plaintext cyrus at SASL(-13): user not found: checkpass failed
> So does the imap server know the domain name? How does it figure it out? Does 
> it know to strip domain names because you configured the unix passwd backend?
> If it uses the domainname command to figure out the domainname, you may have 
> it set on the working server, yet not on the jail.
> Any differences related to domains in /etc/rc.conf and /etc/resolv.conf that 
> might shed some light?

I added the line


to imapd.conf, this line is not in my working server configuration, 
however, it does make the realm part go away from the error message, not 
that it solves the problem though:

Jun 18 21:09:57 jail imap[22562]: badlogin: 
[] plaintext cyrus SASL(-1): generic failure: checkpass failed

Now, adding debug mode to saslautd, I got some extra info in auth.log:

Jun 18 21:13:21 jail saslauthd[21300]: DEBUG: auth_pam: pam_authenticate 
failed: authentication error
Jun 18 21:13:21 jail saslauthd[21300]: do_auth         : auth failure: 
[user=cyrus at] [service=imap] [realm=] [mech=pam] [reason=PAM 
auth error]

I have checked /etc/pam.d in the jail against the host and they are 
identical, also /usr/local/etc/pam.d - both empty. Are there any known 
problems with pam in jails?

> I'm sorry I can't be of more Cyrus specific help.

Thanks for taking your time, Erik

Erik Nørgaard
Ph: +34.666334818/+34.915211157        

More information about the freebsd-questions mailing list