[SOLVED] Re: old issue, again: "cyradm: cannot authenticate to server with DIGEST-MD5"

Mon, 20 Dec 2004 21:02:14 -0800 

hi,

after a bunch of digging (who knew there were 238+ list messages re: this issue ... ?!), it seems that the error I was getting is _somehow_ related to (in my case) an undef'd ENV var, specifically:

        $PERL5LIBS

the Cyrus-IMAP build installs perl modules in based on '$PERLPREFIX' & '$SITEPREFIX' vars, which it picks up from PERL_MM_OPT. checking, everything _is_ installed where it should be. in my case, that dir is:

        /usr/local/perl_libs/sitelib/darwin-thread-multi-2level

wherein i find:
        % ls -R Cyrus
                Cyrus:
                        IMAP  IMAP.pm  SIEVE
                Cyrus/IMAP:
                        Admin.pm  IMSP.pm  Shell.pm
                Cyrus/SIEVE:
                        managesieve.pm

if i set $PERL5LIBS to the perl modules' parent dir:

% setenv PERL5LIBS "/usr/local/perl_libs/sitelib/darwin-thread-multi-2level"

...


then, with, imapd.conf settings incl:

        sasl_pwcheck_method: auxprop
        sasl_auxprop_plugin: sasldb
        allowanonymouslogin: no
        allowplaintext: no
        sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
        sasl_auto_transition: no
        sasl_minimum_layer: 128
        sasl_maximum_layer: 1024
        tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
        tls_require_cert: 0
        tls_session_timeout: 0


i can (finally!) successfully login with cyradm:

%cyradm --auth DIGEST-MD5 --user [EMAIL PROTECTED] --server mail.internal.testdomain.com --port 143
Password:

mail.internal.testdomain.com> version

mail.internal.testdomain.com> version
        name       : Cyrus IMAPD
        version    : v2.2.10 2004/11/23 17:52:52
        vendor     : Project Cyrus
        support-url: http://asg.web.cmu.edu/cyrus
        os         : Darwin
        os-version : 7.7.0
        environment: Built w/Cyrus SASL 2.1.20
                                 Running w/Cyrus SASL 2.1.20
                                 Built w/Sleepycat Software: Berkeley DB 
4.2.52: (December  9, 2004)
                                 Running w/Sleepycat Software: Berkeley DB 
4.2.52: (December  9, 2004)
                                 Built w/OpenSSL 0.9.7e 25 Oct 2004
                                 Running w/OpenSSL 0.9.7e 25 Oct 2004
                                 CMU Sieve 2.2
                                 TCP Wrappers
                                 mmap = shared
                                 lock = fcntl
                                 nonblock = fcntl
                                 auth = unix
                                 idle = poll

one important note ... if you set 'sasl_minimum_layer' GREATER THAN '128 (bits)', you'll get an error on login, e.g.:

        [SASL(-15): mechanism too weak for this user: mech DIGEST-MD5 is too 
weak]"

OTOH, @ <= 128 bits, all is OK, and TLS still works as advertised/expected.

the frustrating part of this is that a grep on PERL5LIB in either my cyrus-sasl or cyrus-imap src/doc trees comes back empty ... i'd love to know where this dependency comes from!


hope this helps someone else!

cheers,

richard




---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to