hi all,
i'm trying to login to administer via cyradm, but am failing at:
% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143
cyradm: cannot authenticate to server with DIGEST-MD5 as testuser
with logs =
Dec 19 23:00:21 master[1611]: process 1618 exited, status 0 Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd Dec 19 23:00:34 imap[1622]: executed Dec 19 23:00:34 imap[1622]: accepted connection
details follow here:
i've successfully created the admin user:
% echo test | saslpasswd2 -p -c -u mail.internal.testdomain.com testuser ;\ % sasldblistusers2 [EMAIL PROTECTED]: userPassword
my imapd.conf is: ------------------------------------------------------- admins: testuser virtdomains: yes postmaster: postmaster defaultdomain: mail.internal.testdomain.com servername: mail.internal.testdomain.com configdirectory: /var/mail/imap defaultpartition: default partition-default: /var/mail/mailstore sievedir: /var/mail/sieve/ sendmail: /usr/local/postfix/sbin/sendmail loginrealms: localhost mail.internal.testdomain.com sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb allowanonymouslogin: no allowplaintext: no sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auto_transition: no sasl_minimum_layer: 256 sasl_maximum_layer: 1024 ###################### ## TLS config tls_ca_file: /var/security/my_CA_cert.pem tls_cert_file: /var/security/testdomain.pem tls_key_file: /var/security/testdomain_req.pem tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_require_cert: 0 tls_session_timeout: 0 autocreatequota: 10000 drachost: localhost dracinterval: 0 poptimeout: 10 quotawarn: 90 reject8bit: no timeout: 30 unixhierarchysep: yes altnamespace: yes sharedprefix: Shared Folders userprefix: Other Folders -------------------------------------------------------
my listeners are listening:
%netstat -an|grep LISTEN tcp4 0 0 127.0.0.1.143 *.* LISTEN tcp4 0 0 10.0.0.6.143 *.* LISTEN
i can telnet in to port 143:
% telnet localhost imap Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK mail.internal.testdomain.com Cyrus IMAP4 v2.2.10 server ready . logout * BYE LOGOUT received . OK Completed Connection closed by foreign host.
imtest via all allowed mechs Authenticates as expected:
% imtest -t "" -p imap -m plain -a testuser -u testuser localhost % imtest -t "" -p imap -m cram-md5 -a testuser -u testuser localhost % imtest -t "" -p imap -m digest-md5 -a testuser -u testuser localhost
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=PLAIN AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN/CRAM-MD5/DIGEST-MD5
...
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
taking note of Ken Murchison's comments here:
# <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=17963>
# You can't turn plaintext off and specify PLAIN as the only SASL
# mechanism, because cyram doesn't support SSL/TLS (which is this only way
# that PLAIN or IMAP LOGIN would be allowed with your config). Either
# allow plaintext, or add some other mechs (ie, CRAM-MD5) to the
# sasl_mech_list.
and trying:
% cyradm --auth DIGEST-MD5 --user testuser --server mail.internal.testdomain.com --port 143
results only in:
cyradm: cannot authenticate to server with DIGEST-MD5 as testuser
and the following in my cyrus-imap log:
Dec 19 23:00:21 master[1611]: process 1618 exited, status 0 Dec 19 23:00:34 master[1622]: about to exec /usr/local/cyrus-imap/libexec/imapd Dec 19 23:00:34 imap[1622]: executed Dec 19 23:00:34 imap[1622]: accepted connection
i _thought_ i'd found-n-followed the prior threads on this issue, making the appropriate changes in imapd.conf, etc.
clearly, i've missed something ...
any suggestions? i'm stumped for the moment =^|
thanks!
richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html