hi all,

i'm trying to login to administer via cyradm, but am failing at:

% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143
cyradm: cannot authenticate to server with DIGEST-MD5 as testuser


with logs =

        Dec 19 23:00:21 master[1611]: process 1618 exited, status 0
        Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd
        Dec 19 23:00:34 imap[1622]: executed
        Dec 19 23:00:34 imap[1622]: accepted connection


details follow here:

i've successfully created the admin user:

% echo test | saslpasswd2 -p -c -u mail.internal.testdomain.com testuser ;\
% sasldblistusers2
        [EMAIL PROTECTED]: userPassword

my imapd.conf is:
-------------------------------------------------------
        admins: testuser
        virtdomains: yes
        postmaster: postmaster
        
        defaultdomain:          mail.internal.testdomain.com
        servername:                     mail.internal.testdomain.com
        
        configdirectory:        /var/mail/imap
        defaultpartition:       default
        partition-default:      /var/mail/mailstore
        sievedir:                       /var/mail/sieve/
        sendmail:                       /usr/local/postfix/sbin/sendmail
        
        loginrealms: localhost mail.internal.testdomain.com
        
        sasl_pwcheck_method: auxprop
        sasl_auxprop_plugin: sasldb
        allowanonymouslogin: no
        allowplaintext: no
        sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
        sasl_auto_transition: no
        sasl_minimum_layer: 256
        sasl_maximum_layer: 1024
        
        ######################
        ## TLS config
        tls_ca_file:    /var/security/my_CA_cert.pem
        tls_cert_file:  /var/security/testdomain.pem
        tls_key_file:   /var/security/testdomain_req.pem
        
        tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
        tls_require_cert: 0
        tls_session_timeout: 0
        
        autocreatequota: 10000
        drachost: localhost
        dracinterval: 0
        poptimeout: 10
        quotawarn: 90
        reject8bit: no
        timeout: 30
        
        unixhierarchysep: yes
        altnamespace: yes
        sharedprefix: Shared Folders
        userprefix: Other Folders
-------------------------------------------------------


my listeners are listening:

%netstat -an|grep LISTEN
        tcp4       0      0  127.0.0.1.143          *.*                    LISTEN
        tcp4       0      0  10.0.0.6.143           *.*                    LISTEN


i can telnet in to port 143:

% telnet localhost imap
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        * OK mail.internal.testdomain.com Cyrus IMAP4 v2.2.10 server ready
        . logout
        * BYE LOGOUT received
        . OK Completed
        Connection closed by foreign host.


imtest via all allowed mechs Authenticates as expected:

% imtest -t "" -p imap -m plain -a testuser -u testuser localhost
% imtest -t "" -p imap -m cram-md5 -a testuser -u testuser localhost
% imtest -t "" -p imap -m digest-md5 -a testuser -u testuser localhost

C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN/CRAM-MD5/DIGEST-MD5
...
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256



taking note of Ken Murchison's comments here:

# <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=17963>
# You can't turn plaintext off and specify PLAIN as the only SASL
# mechanism, because cyradm doesn't support SSL/TLS (which is the only way
# that PLAIN or IMAP LOGIN would be allowed with your config). Either
# allow plaintext, or add some other mechs (ie, CRAM-MD5) to the
# sasl_mech_list.


and trying:

% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143

results only in:

        cyradm: cannot authenticate to server with DIGEST-MD5 as testuser

and the following in my cyrus-imap log:

        Dec 19 23:00:21 master[1611]: process 1618 exited, status 0
        Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd
        Dec 19 23:00:34 imap[1622]: executed
        Dec 19 23:00:34 imap[1622]: accepted connection




i _thought_ i'd found-n-followed the prior threads on this issue, making the appropriate changes in imapd.conf, etc.


clearly, i've missed something ...

any suggestions?  i'm stumped for the moment  =^|

thanks!

richard
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
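
An added example, not part of the original post or of the Cyrus project: a small checker that reads the SASL-related imapd.conf options shown above and reports which mechanisms in sasl_mech_list can meet sasl_minimum_layer with and without an external TLS layer (the successful imtest runs above reported "tls protection" and a security strength factor of 256). The per-mechanism maximum SSF table and the "required = minimum layer minus external SSF" rule are assumptions modelled on the stock Cyrus SASL plugins; `parse_conf` and `usable_mechs` are hypothetical helper names.

```python
# Added example: which SASL mechanisms can satisfy this imapd.conf, with/without TLS.
# Assumption: maximum SSF each mechanism's own security layer offers in stock Cyrus SASL.
MECH_MAX_SSF = {"PLAIN": 0, "LOGIN": 0, "CRAM-MD5": 0, "DIGEST-MD5": 128}
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: the SASL-related lines from the imapd.conf in the post.
SAMPLE_CONF = """\
allowplaintext: no
sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
sasl_minimum_layer: 256
sasl_maximum_layer: 1024
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def usable_mechs(opts, tls_ssf=0):
    """Map each listed mechanism to None (usable) or a rejection reason."""
    min_layer = int(opts.get("sasl_minimum_layer", "0"))
    # A missing allowplaintext is treated as "no" (assumption for this example).
    allow_plain = opts.get("allowplaintext", "no").lower() in ("yes", "on", "true", "1")
    needed = max(0, min_layer - tls_ssf)  # SSF the mechanism itself must still supply
    verdict = {}
    for mech in opts.get("sasl_mech_list", "").upper().split():
        max_ssf = MECH_MAX_SSF.get(mech, 0)
        if mech in PLAINTEXT_MECHS and not allow_plain and tls_ssf == 0:
            verdict[mech] = "plaintext mechanism refused without TLS"
        elif max_ssf < needed:
            verdict[mech] = f"max SSF {max_ssf} < required {needed}"
        else:
            verdict[mech] = None
    return verdict

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_CONF)
    for tls_ssf in (0, 256):
        print(f"external (TLS) SSF = {tls_ssf}")
        for mech, why in usable_mechs(opts, tls_ssf).items():
            print(f"  {mech:11s} {'ok' if why is None else 'rejected: ' + why}")
```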
