hi,
after a bunch of digging (who knew there were 238+ list messages re: this issue ... ?!), it seems that the error I was getting is _somehow_ related to (in my case) an undef'd ENV var, specifically:
$PERL5LIBS
the Cyrus-IMAP build installs perl modules in based on '$PERLPREFIX' & '$SITEPREFIX' vars, which it picks up from PERL_MM_OPT. checking, everything _is_ installed where it should be. in my case, that dir is:
/usr/local/perl_libs/sitelib/darwin-thread-multi-2level
wherein i find: % ls -R Cyrus Cyrus: IMAP IMAP.pm SIEVE Cyrus/IMAP: Admin.pm IMSP.pm Shell.pm Cyrus/SIEVE: managesieve.pm
if i set $PERL5LIBS to the perl modules' parent dir:
% setenv PERL5LIBS "/usr/local/perl_libs/sitelib/darwin-thread-multi-2level"
...
then, with, imapd.conf settings incl:
sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb allowanonymouslogin: no allowplaintext: no sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5 sasl_auto_transition: no sasl_minimum_layer: 128 sasl_maximum_layer: 1024 tls_cipher_list: ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH tls_require_cert: 0 tls_session_timeout: 0
i can (finally!) successfully login with cyradm:
%cyradm --auth DIGEST-MD5 --user [EMAIL PROTECTED] --server mail.internal.testdomain.com --port 143
Password:
mail.internal.testdomain.com> version
mail.internal.testdomain.com> version name : Cyrus IMAPD version : v2.2.10 2004/11/23 17:52:52 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Darwin os-version : 7.7.0 environment: Built w/Cyrus SASL 2.1.20 Running w/Cyrus SASL 2.1.20 Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 9, 2004) Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 9, 2004) Built w/OpenSSL 0.9.7e 25 Oct 2004 Running w/OpenSSL 0.9.7e 25 Oct 2004 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll
one important note ... if you set 'sasl_minimum_layer' GREATER THAN '128 (bits)', you'll get an error on login, e.g.:
[SASL(-15): mechanism too weak for this user: mech DIGEST-MD5 is too weak]"
OTOH, @ <= 128 bits, all is OK, and TLS still works as advertised/expected.
the frustrating part of this is that a grep on PERL5LIB in either my cyrus-sasl or cyrus-imap src/doc trees comes back empty ... i'd love to know where this dependency comes from!
hope this helps someone else!
cheers,
richard
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html