From owner-freebsd-questions@FreeBSD.ORG Wed Jun 17 22:43:10 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A62810657C9 for ; Wed, 17 Jun 2009 22:43:10 +0000 (UTC) (envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net) Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 3C0468FC1E for ; Wed, 17 Jun 2009 22:43:08 +0000 (UTC) (envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net) Received: from smoochies.rachie.is-a-geek.net (mailhub.lan.rachie.is-a-geek.net [192.168.2.11]) by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id 0B96D7E842; Wed, 17 Jun 2009 14:43:08 -0800 (AKDT) From: Mel Flynn To: freebsd-questions@freebsd.org Date: Wed, 17 Jun 2009 14:43:06 -0800 User-Agent: KMail/1.11.4 (FreeBSD/8.0-CURRENT; KDE/4.2.4; i386; ; ) References: <4A38D6FE.8000804@locolomo.org> <200906171204.38995.mel.flynn+fbsd.questions@mailing.thruhere.net> <4A3966FE.7020702@locolomo.org> In-Reply-To: <4A3966FE.7020702@locolomo.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200906171443.07165.mel.flynn+fbsd.questions@mailing.thruhere.net> Cc: Subject: Re: Problem authenticating with sasl in jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 22:43:10 -0000 On Wednesday 17 June 2009 13:58:22 Erik Norgaard wrote: > Mel Flynn wrote: > > On Wednesday 17 June 2009 03:43:58 Erik Norgaard wrote: > >> I am migrating my imap server to a jail, I got the jail up and > >> cyrus-imapd starts. I have copied configuration files from the current > >> server, cyrus.conf, imapd.conf and passwd and group files. saslauthd is > >> running, yet when I try to login I get the error: > >> > >> IMAP Password: > >> Login failed: generic failure at > >> /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > >> cyradm: cannot authenticate to server with as cyrus > > > > ^^ > > Looks like there's missing something there. Would should be at that spot > > of the error message? Maybe a little context of line 120 in Admin.pm > > would help, for us that use dovecot. > > The lines giving that error is in fact in Cyrus::IMAP::Shell.pm: > > $cyradm->authenticate(-authz => $authz, -user => $auth, > -mechanism => $mech, -password => $pw, > -tlskey => $tlskey, -notls => $notls) > or die "cyradm: cannot authenticate to server with $mech as > $auth\n"; > > $mech is not defined, hence the missing word. I have tried running the > script specifying a mechanism giving the same error, though some > currious difference: > > jail# cyradm --user cyrus --auth plain 172.16.0.2 > Password: > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > cyradm: cannot authenticate to server with plain as cyrus > jail# cyradm --user cyrus --auth login 172.16.0.2 > IMAP Password: > Login failed: authentication failure at > /usr/local/lib/perl5/site_perl/5.10.0/mach/Cyrus/IMAP/Admin.pm line 120 > cyradm: cannot authenticate to server with login as cyrus > > Looking again on the logs: > > Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com [172.16.0.2] > plaintext cyrus@example.com SASL(-13): user not found: checkpass failed > > The user cyrus exists, I can login and get shell access, but there may > be something about the realm, that causes the user not to be found? But: Any chance there's a minuserid in effect? dovecot doesn't allow logins from user id's <1000 by default. There may be a similar issue with Cyrus and sounds like something one would overlook. It still is disturbing that no mechanisms are found. Are there maybe left overs in site_perl/5.8.9? Or do you have restrictions that only allow plain logins when tls is in effect? -- Mel