LOGIN & PLAIN auth OK; CRAM-MD5 & DIGEST-MD5 fail w/ "no mechanism available: security flags do not match required"

Tue, 02 Nov 2004 16:48:48 -0800 

hi all,

one step at a time with this business ... =)

i've:

        Cyrus-SASL-2.1.9
        Cyrus-IMAP-2.2.8

built on OSX.

after verifying that my imtest etc. are actually linked to the RIGHT libsasl (previous 
post), i can verify LOGIN AUTH works:

        % imtest -t "" -m LOGIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap 
testserver.testdomain.com

                S: C01 OK Completed
                Please enter your password:
                C: L01 LOGIN [EMAIL PROTECTED] {6}
                S: + go ahead
                C: <omitted>
                S: L01 OK User logged in
                Authenticated.
                Security strength factor: 256

as well as PLAIN AUTH w/ a TLS WRAPPER

        % imtest -t "" -m PLAIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap 
testserver.testdomain.com

                S: C01 OK Completed
                Please enter your password:
                C: A01 AUTHENTICATE PLAIN 
c2l0ZbmNlLWdyb3VwLm5lHJlc2pbkB0aVuY2UWFkbWluQHRpZWRnYXIuaW50ZXJuYWwucmFsLnByZXNltZ3JvdXAubmV0AHNpdGVhZG1WVkZ2FyLmludGVybdABDSEFOR0U=
                S: A01 OK Success (tls protection)
                Authenticated.
                Security strength factor: 256

BUT, neither CRAM-MD5 nor DIGEST-MD5 seem to work:

        % imtest -t "" -m CRAM-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap 
testserver.testdomain.com

                S: C01 OK Completed
                C: A01 AUTHENTICATE CRAM-MD5
                S: A01 NO no mechanism available
                Authentication failed. generic failure
                Security strength factor: 256

        % imtest -t "" -m DIGEST-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap 
testserver.testdomain.com

                S: C01 OK Completed
                C: A01 AUTHENTICATE DIGEST-MD5
                S: A01 NO no mechanism available
                Authentication failed. generic failure
                Security strength factor: 256

tailing system.log, i see:


    imap[892]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no 
authentication
imap[893]: badlogin: testserver.testdomain.com [10.0.0.1] CRAM-MD5 [SASL(-4): no 
mechanism available: security flags do not match required]

        imap[899]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no 
authentication
imap[900]: badlogin: testserver.testdomain.com [10.0.0.1] DIGEST-MD5 [SASL(-4): no 
mechanism available: security flags do not match required]

, respectively.

checking in my SASL plugin dir (/usr/local/cyrus-sasl/lib/sasl2) it looks as if all 
the appropriate modules are there ...

i'm a mite confused as to why ONE mechanism IS available (PLAIN), and the others are 
not.

pointers in the right direction?

thx,

richard
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to