I'm having some problems with authentication running Cyrus IMAP 2.2.6 and SASL 2.1.19 on FreeBSD updated to RELENG_5_2 base system and the latest ports.
Basically, when attempting to login using imtest there's always a second or two delay, followed by "S: L01 NO Login failed: authentication failure". I'm using imtest with the following command: "imtest -m login -a test localhost".
Using the SASL sample client/server, I can authenticate fine using the user 'test' with any of the offered mechanisms.
CyrAdm also fails to login, giving the error "Login failed: authentication failure at /usr/local/lib/perl5/site_perl/5.8.2/mach/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with LOGIN as admin"
(Both the users test and admin exist and can be logged into with the sample client/server).
I've tried recompiling both suites of software (IMAP and SASL) to use different versions of Berkely DB to no avail. I also attempted to use saslauthd using sasldb, but that also fails to authenticate the user, logging the error message "saslauthd[20054]: do_auth : auth failure: [user=admin] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]"
I was also getting this problem with older versions of IMAP and SASL I was attempting to get working before I upgraded my ports tree.
Posted below is excepts from logs and config files that may be of some use :).
Thanks very much, apologies if I left out some critical information ;)
Anton Jackson-Smith (Landrocker)
=== Typical imtest login attempt ===
[21:48:26] [EMAIL PROTECTED]: /usr/ports/mail/cyrus-imapd22/work# imtest -m login -a test localhost
S: * OK mail.dyingstar.net Cyrus IMAP4 v2.2.6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN test {4}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
=========================
=== Typical Sample Client login attempt ====
[21:58:57] [EMAIL PROTECTED]: /usr/ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.19/sample# ./client -s saslauthd -m DIGEST-MD5 localhost
receiving capability list... recv: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
send: {10}
DIGEST-MD5
send: {1}
N
recv: {124}
nonce="<snip for length>",realm="aries.dyingstar.net",qop="auth",charset=utf-8,algorithm=md5-sess
please enter an authentication id: test
please enter an authorization id: test
Password:
send: {246}
username="test",realm="aries.dyingstar.net",nonce="<snip for length>",nc=00000001,qop=auth,digest-uri="saslauthd/localhost",response=a9dcefae5af239d91886f0eabf948f22
recv: {40}
rspauth=af70d484fa5b5718132e8489daa25850
send: {0}
successful authentication closing connection" =================================
=== Log message generated from attempted imtest login ===
Jul 26 22:01:09 aries imap[32204]: badlogin: localhost [::1] plaintext test SASL(-13): user not found: checkpass failed
=========================================
=== Log message from imtest using saslauthd and imtest ===
saslauthd[20055]: do_auth : auth failure: [user=test] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
=========================================
=== imapd.conf (Comments stripped)=== configdirectory: /usr/local/cyrus/config partition-default: /usr/local/cyrus/spool unixhierarchysep: no servername: mail.dyingstar.net allowanonymouslogin: no quotawarn: 95 imapidresponse: no admins: admin singleinstancestore: yes duplicatesuppression: yes sieveusehomedir: false sievedir: /usr/local/cyrus/sieve sasl_pwcheck_method: auxprop lmtpsocket: /usr/local/cyrus/config/socket/lmtp idlesocket: /usr/local/cyrus/config/socket/idle notifysocket: /usr/local/cyrus/config/socket/notify =============================== --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html