Date: Wed, 17 Jun 2009 14:43:06 -0800 From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> To: freebsd-questions@freebsd.org Subject: Re: Problem authenticating with sasl in jail Message-ID: <200906171443.07165.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> In-Reply-To: <4A3966FE.7020702@locolomo.org> References: <4A38D6FE.8000804@locolomo.org> <200906171204.38995.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <4A3966FE.7020702@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 17 June 2009 13:58:22 Erik Norgaard wrote: > Mel Flynn wrote: > > On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote: > >> I am migrating my imap server to a jail, I got the jail up and > >> cyrus-imapd starts. I have copied configuration files from the current > >> server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is > >> running, yet when I try to login I get the error: > >> > >> IMAP Password: > >> Login failed: generic failure at > >> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > >> cyradm: cannot authenticate to server with as cyrus > > > > ^^ > > Looks like there's missing something there. Would should be at that spot > > of the error message? Maybe a little context of line 120 in Admin.pm > > would help, for us that use dovecot. > > The lines giving that error is in fact in Cyrus::IMAP::Shell.pm: > > $cyradm->authenticate(-authz => $authz, -user => $auth, > -mechanism => $mech, -password => $pw, > -tlskey => $tlskey, -notls => $notls) > or die "cyradm: cannot authenticate to server with $mech as > $auth\n"; > > $mech is not defined, hence the missing word. I have tried running the > script specifying a mechanism giving the same error, though some > currious difference: > > jail# cyradm --user cyrus --auth plain 172.16.0.2 > Password: > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > cyradm: cannot authenticate to server with plain as cyrus > jail# cyradm --user cyrus --auth login 172.16.0.2 > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > cyradm: cannot authenticate to server with login as cyrus > > Looking again on the logs: > > Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2] > plaintext cyrus@example.com SASL(-13): user not found: checkpass failed > > The user cyrus exists, I can login and get shell access, but there may > be something about the realm, that causes the user not to be found? But: Any chance there's a minuserid in effect? dovecot doesn't allow logins from user id's <1000 by default. There may be a similar issue with Cyrus and sounds like something one would overlook. It still is disturbing that no mechanisms are found. Are there maybe left overs in site_perl/5.8.9? Or do you have restrictions that only allow plain logins when tls is in effect? -- Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906171443.07165.mel.flynn%2Bfbsd.questions>