I have a solution to the following problem now. The problem is that in
order to do SIA authentication under Compaq Tru64, you must be root. The
reason the IMSP server didn't have any problems was because the server
*does* run as root. However, the IMAP server immediately changes to the
cyrus user, and is no longer root when doing authentication. The end
result is the "authentication failed. generic failure" messages, which
tell me very little about the true nature of the problem.
The real solution was to use the pwcheck daemon, adding the SIA routines
to it to make it work. Since the daemon runs as root and SASL will connect
to it via a unix named socket, it all works good (though, not to my liking,
but hey, it still works). I will send a patch into the SASL group so that
the SIA routine stuff gets into the next version.
Anwyays, I feel significantly better for getting past this hurdle :-)
Scott
--On Thursday, February 08, 2001 9:47 AM -0500 Scott Adkins
<[EMAIL PROTECTED]> wrote:
> I have compiled up the Cyrus IMAP server (2.0.9) on Tru64 5.0a. It is
> using the SASL libraries (1.5.24) for authentication. The IMAP capability
> command produces the following:
>
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>
> The only authentication method that has worked so far is ANONYMOUS. All
> of the other methods give me "NO authentication failure" followed by a
> "Authentication failed. generic failure".
>
> I have a /etc/sasldb file, owned by cyrus, and populated using saslpasswd
> (with "root" and "sadkins" accounts). The sasldblistusers commands
> produce the following output:
>
> user: root realm: cats.ohiou.edu mech: DIGEST-MD5
> user: sadkins realm: cats.ohiou.edu mech: PLAIN
> user: sadkins realm: cats.ohiou.edu mech: CRAM-MD5
> user: root realm: cats.ohiou.edu mech: PLAIN
> user: root realm: cats.ohiou.edu mech: CRAM-MD5
> user: sadkins realm: cats.ohiou.edu mech: DIGEST-MD5
>
> The /usr/lib/sasl/Cyrus.conf file lists the following:
>
> pwcheck_method: sia
>
> The /etc/imapd.conf also lists a line "sasl_pwcheck_method: sia".
> However, using imtest or telnetting to the port directly, I choose other
> auth mechs as well, and they all fail (except anonymous).
>
> I suspected the SASL library was at fault, but here is the clincher. I
> also compiled up the latest IMSP server, which uses the same libraries.
> It uses the "sia" mech as well (which is the password file lookup
> mechanism for Tru64). I can authenticate just fine on the IMSP server.
> I even had suspected at one time or another that maybe SASL
> authentication was failing on the IMSP server and that it was defaulting
> to a local authentication scheme, but after debugging the server a little
> bit, I proved that IMSP was indeed using SASL for its authentication, and
> that it was authenticating successfully (where-as, the IMAP server is
> failing).
>
> So, does anyone have any ideas what could be wrong here? I am at a total
> loss here...
>
> Thanks,
> Scott
--
+-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/
UNIX Systems Engineer mailto:[EMAIL PROTECTED]
ICQ 7626282 Work (740)593-9478 Fax (740)593-1944
+-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979
