[CentOS] imap on Centos 4
Aleksandar Milivojevic
amilivojevic at pbl.ca
Fri May 6 19:29:15 UTC 2005
Tony Wicks wrote:
> Hi all, I've been trying to upgrade a mail server from Centos 3 to
> Centos 4, the machine runs imap with local users only. I noticed that
> the imap-2002d-11 package does not exist on Centos 4 and I'm guessing
> that cyrus-imapd is a replacement. The problem is that users cannot
> authenticate to cyrus -
>
> May 7 06:32:14 #removed# imap[14650]: badlogin: #removed# [#removed#]
> plaintext #removed# SASL(-1): generic failure: checkpass failed
>
> Can anyone point me in the right direction ? thanks
Dovecot is direct replacement for wu-imapd. If you want to use Cyrus,
you would need to migrate all mailbox into Cyrus mailstore first, and
change couple of things in sendmail configuration to instruct sendmail
that it should use cyrus for local mail delivery (instead of procmail).
If you already did that, and really want to use Cyrus, check
/etc/imapd.conf file. What is the value of sasl_pwcheck_method? Is it
set to saslauthd?
While in imapd.conf file, check the value of sasl_mech_list. Does it
allow PLAIN and/or LOGIN (plaintext passwords)? If yes, and you want to
authenticate over SASL, do you allow plaintext passwords over
unencrypted connection (non-TLS/SSL)? Check allowplaintext option (if
set to 0, you must use SSL/TLS for plaintext login).
If sasl_pwcheck_method is set to saslauthd, check if you enabled
saslauthd service, and that saslauthd is running.
If saslauthd is running (needed only if you configured Cyrus to use it),
check /etc/sysconfig/saslauthd file.
What is the value of MECH variable?
If your users are stored in /etc/passwd and /etc/shadow files, you can
use either shadow or pam. If they are on NIS, use pam (since shadow
mechanism obviosly can handle only local files). If your users are in
LDAP, you'd need to create /etc/saslauthd.conf file and define where
your LDAP server is inthere, and how to search for the users in your
directory.
You can also install cyrus-imapd-utils package. One of utilities that
comes with it is imtest. See the man page for it. It can be used to
test and debug all kinds of problems with IMAP servers (not only Cyrus,
you can use it to debug Devocot, Courier or anything else). Very handy
utility even if you don't use Cyrus IMAPD. It supports all kinds of
authentication (plaintext, SASL stuff, Kerberos, SSL/TLS).
For example, if you use Kerberos for authentication:
kinit (to get Kerberos ticket, if you don't have one already)
imtest -m GSSAPI -a username imap-server
Or to test plain plaintext over TLS (this will also give you list of
supported authentication mechanisms before and after START TLS):
imtest -t "" -m LOGIN -a username imap-server
Or plaintext over SASL (but this time, no TLS):
imtest -m PLAIN -a username imap-server
And so on...
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the CentOS
mailing list