IMAP 2.0.9/SASL 1.5.24 Auth Issues from Scott Adkins on 2001-02-09 (tru64-unix-managers)

From: Scott Adkins <adkinss_at_ohio.edu>
Date: Thu, 08 Feb 2001 10:33:05 -0500

I have compiled up the Cyrus IMAP server (2.0.9) on Tru64 5.0a. It is
using the SASL libraries (1.5.24) for authentication. The IMAP capability
command produces the following:

* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5

The only authentication method that has worked so far is ANONYMOUS. All
of the other methods give me "NO authentication failure" followed by a
"Authentication failed. generic failure".

I have a /etc/sasldb file, owned by cyrus, and populated using saslpasswd
(with "root" and "sadkins" accounts). The sasldblistusers commands produce
the following output:

    user: root realm: cats.ohiou.edu mech: DIGEST-MD5
    user: sadkins realm: cats.ohiou.edu mech: PLAIN
    user: sadkins realm: cats.ohiou.edu mech: CRAM-MD5
    user: root realm: cats.ohiou.edu mech: PLAIN
    user: root realm: cats.ohiou.edu mech: CRAM-MD5
    user: sadkins realm: cats.ohiou.edu mech: DIGEST-MD5

The /usr/lib/sasl/Cyrus.conf file lists the following:

    pwcheck_method: sia

The /etc/imapd.conf also lists a line "sasl_pwcheck_method: sia". However,
using imtest or telnetting to the port directly, I choose other auth mechs
as well, and they all fail (except anonymous).

I suspected the SASL library was at fault, but here is the clincher. I
also compiled up the latest IMSP server, which uses the same libraries. It
uses the "sia" mech as well (which is the password file lookup mechanism
for Tru64). I can authenticate just fine on the IMSP server. I even had
suspected at one time or another that maybe SASL authentication was failing
on the IMSP server and that it was defaulting to a local authentication
scheme, but after debugging the server a little bit, I proved that IMSP was
indeed using SASL for its authentication, and that it was authenticating
successfully (where-as, the IMAP server is failing).

So, does anyone have any ideas what could be wrong here? I am at a total
loss here...

Thanks,
Scott

--
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:adkinss_at_ohio.edu
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
     CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979

Received on Thu Feb 08 2001 - 15:33:24 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:41 NZDT