Re: help! upgraded to cyrus-sasl-2.1.17_1
On Mar 4, 2004, at 12:20 AM, Will Prater wrote: list, Your immediate help is greatly appreciated. I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Any ideas on what has changed and how I can fix this! I could attempt to use auxprop to bypass saslauthd, however, auxprop for sql does not seem to be loaded on my system, even when compiling cyrus_sasl I specified --with-sql Thanks in advance, im a bit worried here. TIA --will --will --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help! upgraded to cyrus-sasl-2.1.17_1
On Mar 4, 2004, at 12:20 AM, Will Prater wrote: list, Your immediate help is greatly appreciated. I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Another thing I forgot to mention. It appears that sasl is taking the @ and assuming its the realm, however, cyrus must not be set up to interpret this. - Mar 4 00:21:56 stratus saslauthd[78553]: SELECT password FROM accountuser WHERE username='jmk' AND (popok=1) Mar 4 00:21:56 stratus saslauthd[78553]: pam_mysql: select returned more than one result Mar 4 00:21:56 stratus saslauthd[78553]: returning 7 after db_checkpasswd. Mar 4 00:21:56 stratus saslauthd[78553]: do_auth : auth failure: [user=jmk] [service=pop] [realm=domain.com] [mech=pam] [reason=PAM auth - Username use to come in as [EMAIL PROTECTED] Any ideas on what has changed and how I can fix this! TIA --will --will --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help! upgraded to cyrus-sasl-2.1.17_1
On Mar 4, 2004, at 12:24 AM, Will Prater wrote: On Mar 4, 2004, at 12:20 AM, Will Prater wrote: list, Your immediate help is greatly appreciated. I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Another thing I forgot to mention. It appears that sasl is taking the @ and assuming its the realm, however, cyrus must not be set up to interpret this. - Mar 4 00:21:56 stratus saslauthd[78553]: SELECT password FROM accountuser WHERE username='jmk' AND (popok=1) Mar 4 00:21:56 stratus saslauthd[78553]: pam_mysql: select returned more than one result Mar 4 00:21:56 stratus saslauthd[78553]: returning 7 after db_checkpasswd. Mar 4 00:21:56 stratus saslauthd[78553]: do_auth : auth failure: [user=jmk] [service=pop] [realm=domain.com] [mech=pam] [reason=PAM auth - Username use to come in as [EMAIL PROTECTED] So I found this post and solved my problem. Looks like there were some changes from 1.15 - 1.17 :( http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus- saslsearchterm=patchmsg=4669 I would really like to get auxprop going now. --will --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help! upgraded to cyrus-sasl-2.1.17_1
On Mar 4, 2004, at 12:24 AM, Will Prater wrote: On Mar 4, 2004, at 12:20 AM, Will Prater wrote: list, Your immediate help is greatly appreciated. I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Another thing I forgot to mention. It appears that sasl is taking the @ and assuming its the realm, however, cyrus must not be set up to interpret this. - Mar 4 00:21:56 stratus saslauthd[78553]: SELECT password FROM accountuser WHERE username='jmk' AND (popok=1) Mar 4 00:21:56 stratus saslauthd[78553]: pam_mysql: select returned more than one result Mar 4 00:21:56 stratus saslauthd[78553]: returning 7 after db_checkpasswd. Mar 4 00:21:56 stratus saslauthd[78553]: do_auth : auth failure: [user=jmk] [service=pop] [realm=domain.com] [mech=pam] [reason=PAM auth - Username use to come in as [EMAIL PROTECTED] after applying the patch mentioned in some earlier emails, I now have AUTH errors for every user that is still on the default domain! If someone could reply with a solution to allow authentication for the default domain as well that would be appreciated. Or if someone has access to the older FreeBSD ports please email me at [EMAIL PROTECTED] TIA Any ideas on what has changed and how I can fix this! TIA --will --will --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html --will --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
upgrade problem/question
Hi. I have just upgraded to version 2.2.3, recompiled from Simons's rpm. I had also to upgrade to cyrus-sasl 2.1.17 cause the 2.1.10 was not accespted. The new version works fine, except when I activate the virtdomains option. When I do that I can not access my mailbox. My email client reports me this error: Unable to locate maildrop. returned by the server. Trying with squirrelmail I manage to log in but there and seems to be working. Still, the when postfix is delivering emails through lmtp, cyrus says that there is no such mailbox. In logs: Mar 4 06:46:28 ns1 pop3s[29763]: accepted connection Mar 4 06:46:28 ns1 master[29778]: about to exec /usr/lib/cyrus-imapd/pop3d Mar 4 06:46:28 ns1 pop3s[29778]: executed Mar 4 06:46:28 ns1 pop3s[29763]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits reused) no authentication Mar 4 06:46:28 ns1 pop3s[29763]: login: ** PLAIN User logged in I've tried with virtdomains and have done a test account. Could not login. badlogin: host [127.0.0.1] plaintext [EMAIL PROTECTED] SASL(-13): user not found: checkpass failed Is there any connection with sieve? Here is part of my configuration configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail lmtpsocket: /var/spool/postfix/lmtp admins: cyrus allowanonymouslogin: no sieveuserhomedir: no hashimapspool: no allowplaintext: yes servername: ns1.holman.net #virtdomains: yes #defaultdomain: holman.net #allowusermoves: yes --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: auxprop vs saslauthd
Will Prater wrote: List, I am authenticating users to a MySQL backend and currently I am using PAM and saslauthd, however, I wish to restrict certain users to only using POP. I can create different service names in cyrus.conf, however, this does not allow the different service identifiers in PAM and the only other workaround I can seem to find is using auxprop. Auxprop will let me have a different MySQL select statement for any cyrus service. This is ideal for restriction users access. Is there a way to do such a thing with PAM. Can cyrus send a different service identifier for PAM when creating a new service in Cyrus.conf? The SASL service name for each protocol is always passed to saslauthd which in turn is passed to PAM. I currently have different PAM configs for IMAP (employees) and POP3 (family members). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus 2.2.3 authentication GSS-API - why?
Hi all. I have a few simple questions (I hope). I have noticed that Cyrus IMAP 2.2.3 has a rather extensive support for GSS-API (part of Kerberos5). I'm pleased to see that all 4 major players in the Kerberos5 arena are recognized (MIT, Heimdal, CS and SEAM). However, I'm confused as to why this exists? Isn't SASL supposed to handle GSS-API as one of it's mechanisms? Why do I need to build GSS-API directly into Cyrus IMAP? What do I gain by that? Is there a separate Non-SASL, GSS-API authentication method for IMAP? While we're at it, what do MS clients on a machine within Active Directory Service (Kerberos5) use for authentication? Nix. --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus 2.2.3 authentication GSS-API - why?
On Thu, 4 Mar 2004, Nikola Milutinovic wrote: I have noticed that Cyrus IMAP 2.2.3 has a rather extensive support for GSS-API (part of Kerberos5). I'm pleased to see that all 4 major players in the Kerberos5 arena are recognized (MIT, Heimdal, CS and SEAM). However, I'm confused as to why this exists? Isn't SASL supposed to handle GSS-API as one of it's mechanisms? Yes -- and to do that it needs the GSSAPI libraries. Why do I need to build GSS-API directly into Cyrus IMAP? Well, Cyrus will wind up linking to it. Also, if you want to do Kerberos 5 canonicalization, Cyrus itself will need to make some Kerberos 5 calls. Is there a separate Non-SASL, GSS-API authentication method for IMAP? No. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help! upgraded to cyrus-sasl-2.1.17_1
On Thu, 4 Mar 2004, Will Prater wrote: On Mar 4, 2004, at 12:20 AM, Will Prater wrote: list, Your immediate help is greatly appreciated. I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Another thing I forgot to mention. It appears that sasl is taking the @ and assuming its the realm, however, cyrus must not be set up to interpret this. You aren't using virtual domain support if you're using Cyrus 2.1.17 -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: help! upgraded to cyrus-sasl-2.1.17_1
On Thu, 4 Mar 2004, Rob Siemborski wrote: I have just upgraded to cyrus-sasl-2.1.17_1 and I am having authentication problems. Saslauthd seems to be cutting of the username at the @ sign when trying to connect to the MySQL database. This is not allowing any users to authenticate as I am using Cyrus virtual domain support. Another thing I forgot to mention. It appears that sasl is taking the @ and assuming its the realm, however, cyrus must not be set up to interpret this. You aren't using virtual domain support if you're using Cyrus 2.1.17 Nevermind me, that's your SASL version, not your IMAP version. Oops, -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Warning about your e-mail account.
Dear user of e-mail server Cmu.edu, Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. Please, read the attach for further details. For security purposes the attached file is password protected. Password is 10846. Have a good day, The Cmu.edu team http://www.cmu.edu attachment: MoreInfo.zip
Re: Sasl/Postfix/SMTP AUTH
Shelly, Do you need to make any changes in /usr/lib/sasl2/smtpd.conf? Prentice Shelley Waltz wrote: I am running cyrus-sasl-2.1.17-1(Simon's rpms) with cyrus-imapd-2.2.3(Simon's rpms) and have authentication using saslauthd -ldap with mechanism plain with STARTTLS working fine. I am now tring to do the same with Postfix-2.0.18 such that it will relay if authenticated using SMTP AUTH. Even though saslauthd is started using saslauthd -ldap, it appears as though postfix tries to get the password from sasldb ... Mar 4 10:05:21 chipmunk postfix/postfix-script: starting the Postfix mail system Mar 4 10:05:21 chipmunk postfix/master[12079]: daemon started -- version 2.0.18 Mar 4 10:05:42 chipmunk imaps[11950]: accepted connection Mar 4 10:05:42 chipmunk imaps[11950]: TLS server engine: cannot load CA data Mar 4 10:05:48 chipmunk imaps[11950]: mystore: starting txn 2147483665 Mar 4 10:05:48 chipmunk imaps[11950]: mystore: committing txn 2147483665 Mar 4 10:05:48 chipmunk imaps[11950]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication Mar 4 10:05:54 chipmunk imaps[11950]: login: raven.cabm.rutgers.edu [192.76.178.8] shelley plain+TLS User logged in Mar 4 10:05:54 chipmunk imaps[11950]: seen_db: user shelley opened /usr/cyrus/imap/user/s/shelley.seen Mar 4 10:05:54 chipmunk imaps[11950]: open: user shelley opened INBOX Mar 4 10:05:56 chipmunk master[8912]: process 11801 exited, status 0 Mar 4 10:05:56 chipmunk master[12085]: about to exec /usr/lib/cyrus-imapd/imapd Mar 4 10:05:56 chipmunk imaps[12085]: executed Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: connect from raven.cabm.rutgers.edu[192.76.178.8] Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication failure: Password verification failed Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: raven.cabm.rutgers.edu[192.76.178.8]: SASL PLAIN authentication failed Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:53 chipmunk last message repeated 3 times Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: SASL authentication failure: Password verification failed Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: raven.cabm.rutgers.edu[192.76.178.8]: SASL PLAIN authentication failed If I then create a /usr/lib/sasl2/smtpd.conf file with the following: pwcheck_method : saslauthd the result is the following ... Mar 4 10:11:17 chipmunk postfix/master[12149]: daemon started -- version 2.0.18 Mar 4 10:11:48 chipmunk imaps[12085]: accepted connection Mar 4 10:11:48 chipmunk imaps[12085]: TLS server engine: cannot load CA data Mar 4 10:11:53 chipmunk imaps[12085]: mystore: starting txn 2147483667 Mar 4 10:11:53 chipmunk imaps[12085]: mystore: committing txn 2147483667 Mar 4 10:11:53 chipmunk imaps[12085]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication Mar 4 10:11:59 chipmunk imaps[12085]: login: raven.cabm.rutgers.edu [192.76.178.8] shelley plain+TLS User logged in Mar 4 10:11:59 chipmunk imaps[12085]: seen_db: user shelley opened /usr/cyrus/imap/user/s/shelley.seen Mar 4 10:11:59 chipmunk imaps[12085]: open: user shelley opened INBOX Mar 4 10:12:18 chipmunk postfix/smtpd[12155]: fatal: SASL per-process initialization failed Mar 4 10:12:19 chipmunk postfix/master[12149]: warning: process /usr/libexec/postfix/smtpd pid 12155 exit status 1 Mar 4 10:12:19 chipmunk postfix/master[12149]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Mar 4 10:12:41 chipmunk master[8912]: process 11950 exited, status 0 What is necessary in the configuration to get this to work. Below are my config files. [EMAIL PROTECTED] sasl2]# more /etc/saslauthd.conf ldap_servers: ldap://localhost/ ldap_search_base: dc=cabm.rutgers,dc=edu ldap_bind_dn: cn=chipmunk,dc=cabm.rutgers,dc=edu ldap_bind_pw: xx ldap_version: 3 #ldap_timeout: 5 #ldap_timelimit: 5 ldap_restart: yes ldap_scope: sub ldap_search_base: dc=cabm.rutgers,dc=edu ldap_auth_method: bind #ldap_filter: (|(uid=%u)(mail=%u)(alias=%u)) ldap_filter: (uid=%u) ldap_debug: 9 ldap_verbose: 1 ldap_ssl: no postfix/main.cf # sasl auth config broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = Shelley Waltz --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Prentice Bisbal Computer System Administrator Protein Data Bank Rutgers University --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List
Re: Sasl/Postfix/SMTP AUTH
/usr/lib/sasl2/smtpd.conf file has the following: pwcheck_method : saslauthd what else? On Thu, 4 Mar 2004, Prentice Bisbal wrote: Shelly, Do you need to make any changes in /usr/lib/sasl2/smtpd.conf? Prentice Shelley Waltz wrote: I am running cyrus-sasl-2.1.17-1(Simon's rpms) with cyrus-imapd-2.2.3(Simon's rpms) and have authentication using saslauthd -ldap with mechanism plain with STARTTLS working fine. I am now tring to do the same with Postfix-2.0.18 such that it will relay if authenticated using SMTP AUTH. Even though saslauthd is started using saslauthd -ldap, it appears as though postfix tries to get the password from sasldb ... Mar 4 10:05:21 chipmunk postfix/postfix-script: starting the Postfix mail system Mar 4 10:05:21 chipmunk postfix/master[12079]: daemon started -- version 2.0.18 Mar 4 10:05:42 chipmunk imaps[11950]: accepted connection Mar 4 10:05:42 chipmunk imaps[11950]: TLS server engine: cannot load CA data Mar 4 10:05:48 chipmunk imaps[11950]: mystore: starting txn 2147483665 Mar 4 10:05:48 chipmunk imaps[11950]: mystore: committing txn 2147483665 Mar 4 10:05:48 chipmunk imaps[11950]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication Mar 4 10:05:54 chipmunk imaps[11950]: login: raven.cabm.rutgers.edu [192.76.178.8] shelley plain+TLS User logged in Mar 4 10:05:54 chipmunk imaps[11950]: seen_db: user shelley opened /usr/cyrus/imap/user/s/shelley.seen Mar 4 10:05:54 chipmunk imaps[11950]: open: user shelley opened INBOX Mar 4 10:05:56 chipmunk master[8912]: process 11801 exited, status 0 Mar 4 10:05:56 chipmunk master[12085]: about to exec /usr/lib/cyrus-imapd/imapd Mar 4 10:05:56 chipmunk imaps[12085]: executed Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: connect from raven.cabm.rutgers.edu[192.76.178.8] Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: SASL authentication failure: Password verification failed Mar 4 10:06:29 chipmunk postfix/smtpd[12086]: warning: raven.cabm.rutgers.edu[192.76.178.8]: SASL PLAIN authentication failed Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Mar 4 10:06:53 chipmunk last message repeated 3 times Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: SASL authentication failure: Password verification failed Mar 4 10:06:53 chipmunk postfix/smtpd[12086]: warning: raven.cabm.rutgers.edu[192.76.178.8]: SASL PLAIN authentication failed If I then create a /usr/lib/sasl2/smtpd.conf file with the following: pwcheck_method : saslauthd the result is the following ... Mar 4 10:11:17 chipmunk postfix/master[12149]: daemon started -- version 2.0.18 Mar 4 10:11:48 chipmunk imaps[12085]: accepted connection Mar 4 10:11:48 chipmunk imaps[12085]: TLS server engine: cannot load CA data Mar 4 10:11:53 chipmunk imaps[12085]: mystore: starting txn 2147483667 Mar 4 10:11:53 chipmunk imaps[12085]: mystore: committing txn 2147483667 Mar 4 10:11:53 chipmunk imaps[12085]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication Mar 4 10:11:59 chipmunk imaps[12085]: login: raven.cabm.rutgers.edu [192.76.178.8] shelley plain+TLS User logged in Mar 4 10:11:59 chipmunk imaps[12085]: seen_db: user shelley opened /usr/cyrus/imap/user/s/shelley.seen Mar 4 10:11:59 chipmunk imaps[12085]: open: user shelley opened INBOX Mar 4 10:12:18 chipmunk postfix/smtpd[12155]: fatal: SASL per-process initialization failed Mar 4 10:12:19 chipmunk postfix/master[12149]: warning: process /usr/libexec/postfix/smtpd pid 12155 exit status 1 Mar 4 10:12:19 chipmunk postfix/master[12149]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Mar 4 10:12:41 chipmunk master[8912]: process 11950 exited, status 0 What is necessary in the configuration to get this to work. Below are my config files. [EMAIL PROTECTED] sasl2]# more /etc/saslauthd.conf ldap_servers: ldap://localhost/ ldap_search_base: dc=cabm.rutgers,dc=edu ldap_bind_dn: cn=chipmunk,dc=cabm.rutgers,dc=edu ldap_bind_pw: xx ldap_version: 3 #ldap_timeout: 5 #ldap_timelimit: 5 ldap_restart: yes ldap_scope: sub ldap_search_base: dc=cabm.rutgers,dc=edu ldap_auth_method: bind #ldap_filter:
Re: Cyrus IMAP 2.2.3 ldapdb auxprop
If ldapdb auxprop plugin contacts with remote ldap server (i.e. sasl_ldapdb_mech: EXTERNAL is not possible): sasl_pwcheck_method: auxprop sasl_auxprop_plugin: ldapdb sasl_ldapdb_uri: ldap://server.komi.mts.ru sasl_ldapdb_mech: GSSAPI i got error: slapd[5483]: do_sasl_bind: dn () mech GSSAPI slapd[5483]: conn=35 op=0 BIND dn= method=163 slapd[5483]: == sasl_bind: dn= mech=GSSAPI datalen=571 slapd[5483]: connection_operation: error: SASL bind in progress (tag=66). imap[20085]: badlogin: client.komi.mts.ru [1.1.1.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] On client and server cyrus-sasl-2.1.17, openldap-2.2.6 Thanks! --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAP 2.2.3 ldapdb auxprop
On Fri, 5 Mar 2004, Alex Deiter wrote: If ldapdb auxprop plugin contacts with remote ldap server (i.e. sasl_ldapdb_mech: EXTERNAL is not possible): Why not? sasl_pwcheck_method: auxprop sasl_auxprop_plugin: ldapdb sasl_ldapdb_uri: ldap://server.komi.mts.ru sasl_ldapdb_mech: GSSAPI Can you use GSSAPI mech with ldapsearch? i got error: slapd[5483]: do_sasl_bind: dn () mech GSSAPI slapd[5483]: conn=35 op=0 BIND dn= method=163 slapd[5483]: == sasl_bind: dn= mech=GSSAPI datalen=571 slapd[5483]: connection_operation: error: SASL bind in progress (tag=66). imap[20085]: badlogin: client.komi.mts.ru [1.1.1.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] On client and server cyrus-sasl-2.1.17, openldap-2.2.6 Does this work with client|server programs? Look in cyrus-sasl-2.1.17/sample. -- Igor --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
global sieve script?
This was posted in reference to a global sieve script: http://www.irbs.net/internet/info-cyrus/0112/0133.html It dates back to 2001. Is this capability now present in the latest cyrus package? I use simon matter's RPM. If so, this would be very cool. -j --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: global sieve script?
Joe Hrbek wrote: This was posted in reference to a global sieve script: http://www.irbs.net/internet/info-cyrus/0112/0133.html It dates back to 2001. Is this capability now present in the latest cyrus package? I use simon matter's RPM. If so, this would be very cool. -j Sieve scripts are indeed stored in bytecode, compiled, form in Cyrus 2.2.3 (2.2.2 too? I dont recall), but the capability of a site-side Sieve script.. I will be interested in such a beast :) -- Sergio Devojno Bruder[EMAIL PROTECTED] http://haxent.com.br 41 362-5930, 41 9127-6620 --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
fstating sieve
Hi, from time to time I see this in logs... lmtpunix[26971]: IOERROR: fstating sieve script /var/lib/imap/sieve/h/huricane/defaultbc: No such file or directory what is it about... I can see there that /var/lib/imap/sieve is empty. shouldn't someone(me?!?)/something create those directories? --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAP 2.2.3 ldapdb auxprop
Igor Brezac :
If ldapdb auxprop plugin contacts with remote ldap server (i.e.
sasl_ldapdb_mech: EXTERNAL is not possible):
Why not?
How will ldapdb contact with removed ldap the server using EXTERNAL?
Use TLS ?
Can you use GSSAPI mech with ldapsearch?
Yes:
# kinit -k -t /etc/krb5.keytab service/cyrus
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: service/[EMAIL PROTECTED]
Issued Expires Principal
Mar 5 08:55:58 Mar 5 18:55:58 krbtgt/[EMAIL PROTECTED]
# ldapsearch -Y GSSAPI -LLL -b 'dc=komi,dc=mts,dc=ru' '(uid=test)' uid
SASL/GSSAPI authentication started
SASL username: service/[EMAIL PROTECTED]
SASL SSF: 56
SASL installing layers
dn: cn=test,ou=People,dc=komi,dc=mts,dc=ru
uid: test
Does this work with client|server programs? Look in
cyrus-sasl-2.1.17/sample.
It work fine:
# ./server -p 777 -s ldap
trying 28, 1, 6
trying 2, 1, 6
accepted new connection
send: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {571}
`[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]0[82][2][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0]
[0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]vj[96]/[1C]/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5][E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87]
U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D]
6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+
[EC]H[CB]o[B9][EB][E8]^[4][EC]p[93][D1]o[E]F[3][E6]9cS[88][C6]2[8A][EA]![DC]GK[5][18][DA][FE][8B][E7]A[CD]jV[7F][9D]3[B1][81][C9][DF][CA]P[D2]F[DC][11]K[D5][A1][B7][B5]-[D5][FE]x[D3]N[DD][E5][F0][16]'.[90][FD][81][E0][A][C]FA6#[B9]QV[81]z[14]3[B0][D3][A4][[95][E1]=[82][94],[9][F7]=[DB]R8[BD][98]
send: {110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]DE[E1][9C][FF]X[B9][5]$[E8]'~[F5][A5]+[A4][D7]2{=[FB][15][C4][9E][97][C]*[CF]8)[89][91][81][D7][E3][A1][4][2][A0][EB][BF][12][FE]M[91]ZhF[15][8C][A4][A][D7][AD]A[E5][93][E][A4][5][E2][9D][93][8C]o1[91][F0]
recv: {0}
send: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][91]U[C8]9[19]+[BD][B][8E][2])[BA][1B][15]~E[E][B7][91]r[19]0#X[8A]6N[E1][DD][10][A8][FE][B9][86][EC][CF][1][0][0][0][4][4][4][4]
recv: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D8][D4][12]zX[CF][9E][FE]t0[93]07[E3][8E][80][82]DJ[AE][DB]W6[C][BF][F4]:[1F][C0][B8][B8][D8]FO[85][B1][1][0][0][0][4][4][4][4]
successful authentication 'service/cyrus'
closing connection
# ./client -p 777 -s ldap solveig
receiving capability list... recv: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
please enter an authorization id: send: {6}
GSSAPI
send: {1}
Y
send: {571}
`[82][2]7[6][9]*[86]H[86][F7][12][1][2][2][1][0]n[82][2]0[82][2][A0][3][2][1][5][A1][3][2][1][E][A2][7][3][5][0]
[0][0][0][A3][82][1]6a[82][1]20[82][1].[A0][3][2][1][5][A1][D][1B][B]KOMI.MTS.RU[A2]0$[A0][3][2][1][1][A1][1D]0[1B][1B][4]ldap[1B][13]solveig.komi.mts.ru[A3][81][EF]0[81][EC][A0][3][2][1][10][A1][3][2][1][4][A2][81][DF][4][81][DC]X0hK%[FC]aO[F2][B3][6][D4]K[7F][8B][EA]E+:[91][CF][CD][DB][E4]m[98][CA]B[14][1A]|u[EE][C6][FA][FB][F6][FE][CC][FC][94][D6]+[E][E7]*[13][1]3[DE])[A8][D9][C5][EF][[[5][B0]I[AE][D0]vj[96]/[1C]/[86][FB][AF][BA]c[F1][F8][D1][F7][9E][E9][E3]W[E8]e[83]q[B0][9F][BB][95][C1][D][6]O;[9E][9B][A1][94][87]`Y[DC][F][DB]v[91][DE][B1][CA][C5][E4][1E][10][E3]'skV5d[ED][8][7F][D2][D1][84][1A][C8][FE][B0][3]d[0][CE]ds][C8][BF][1F][ED][C1]16T[CD][B5][19][F3]_[F9][D0][AF][F4][80]lB[F4]E:/[A3][84]E[D4][95]\[D5]$8[1A][F5][11][CD][D7]![A5][8A]2m[B8][90][87]
U`[F5][89][DF][CE][E]1[8E][9D]9I[DC]6[3]NT[92]j|t{(/[AD][A9]E[D]
6[C8][A4][81][D2]0[81][CF][A0][3][2][1][10][A2][81][C7][4][81][C4][D8]=[9]d3[A9][AD][8B][F][B2][F0][AC]k[B3][8D]Ck[15][94][1E][F]H[B8][5][A1][0]_X[A2]a[8][9A][88]s[D7][17][F8][C5][D7]a8\[F3]7[93][D][EE]|[12][BC][E][B7]'x:[8D]|[FC]o-[EE]K[95]-[CF]cn[83][9A]9[F8][A4]Wj[FA])\Xw[8D]1--[F2][E1][16][BF]+
Re: Cyrus IMAP 2.2.3 ldapdb auxprop
Igor Brezac : But cyrus-imap 2.1.16 works fine for me with same configurion as cyrus-imap 2.2.3: sasl_pwcheck_method: auxprop sasl_auxprop_plugin: ldapdb sasl_ldapdb_uri: ldap://server.komi.mts.ru sasl_ldapdb_mech: GSSAPI # cyradm --user test --auth CRAM-MD5 solveig Password: solveig.komi.mts.ru imapd[69280]: login: solveig.komi.mts.ru[1.1.1.1] test CRAM-MD5 User logged in slapd[5483]: conn=38 fd=16 ACCEPT from IP=1.1.1.1:49836 (IP=0.0.0.0:389) ... slapd[5483]: do_sasl_bind: dn () mech GSSAPI slapd[5483]: conn=38 op=0 BIND dn= method=163 slapd[5483]: == sasl_bind: dn= mech=GSSAPI datalen=571 ... slapd[5483]: do_sasl_bind: dn () mech GSSAPI slapd[5483]: conn=38 op=2 BIND dn= method=163 slapd[5483]: == sasl_bind: dn= mech=continuing datalen=65 slapd[5483]: SASL Canonicalize [conn=38]: authcid=service/cyrus slapd[5483]: slap_sasl_getdn: id=service/cyrus [len=13] Thanks! -- , ., --- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
