[CentOS] imap on Centos 4

Aleksandar Milivojevic amilivojevic at pbl.ca
Fri May 6 19:29:15 UTC 2005


Tony Wicks wrote:
> Hi all, I've been trying to upgrade a mail server from Centos 3 to 
> Centos 4, the machine runs imap with local users only. I noticed that 
> the imap-2002d-11 package does not exist on Centos 4 and I'm guessing 
> that cyrus-imapd is a replacement. The problem is that users cannot 
> authenticate to cyrus -
> 
> May  7 06:32:14 #removed# imap[14650]: badlogin: #removed# [#removed#] 
> plaintext #removed# SASL(-1): generic failure: checkpass failed
> 
> Can anyone point me in the right direction ? thanks

Dovecot is direct replacement for wu-imapd.  If you want to use Cyrus, 
you would need to migrate all mailbox into Cyrus mailstore first, and 
change couple of things in sendmail configuration to instruct sendmail 
that it should use cyrus for local mail delivery (instead of procmail).

If you already did that, and really want to use Cyrus, check 
/etc/imapd.conf file.  What is the value of sasl_pwcheck_method?  Is it 
set to saslauthd?

While in imapd.conf file, check the value of sasl_mech_list.  Does it 
allow PLAIN and/or LOGIN (plaintext passwords)?  If yes, and you want to 
authenticate over SASL, do you allow plaintext passwords over 
unencrypted connection (non-TLS/SSL)?  Check allowplaintext option (if 
set to 0, you must use SSL/TLS for plaintext login).

If sasl_pwcheck_method is set to saslauthd, check if you enabled 
saslauthd service, and that saslauthd is running.

If saslauthd is running (needed only if you configured Cyrus to use it), 
check /etc/sysconfig/saslauthd file.

What is the value of MECH variable?

If your users are stored in /etc/passwd and /etc/shadow files, you can 
use either shadow or pam.  If they are on NIS, use pam (since shadow 
mechanism obviosly can handle only local files).  If your users are in 
LDAP, you'd need to create /etc/saslauthd.conf file and define where 
your LDAP server is inthere, and how to search for the users in your 
directory.

You can also install cyrus-imapd-utils package.  One of utilities that 
comes with it is imtest.  See the man page for it.  It can be used to 
test and debug all kinds of problems with IMAP servers (not only Cyrus, 
you can use it to debug Devocot, Courier or anything else).  Very handy 
utility even if you don't use Cyrus IMAPD.  It supports all kinds of 
authentication (plaintext, SASL stuff, Kerberos, SSL/TLS).

For example, if you use Kerberos for authentication:

    kinit  (to get Kerberos ticket, if you don't have one already)
    imtest -m GSSAPI -a username imap-server

Or to test plain plaintext over TLS (this will also give you list of 
supported authentication mechanisms before and after START TLS):

    imtest -t "" -m LOGIN -a username imap-server

Or plaintext over SASL (but this time, no TLS):

    imtest -m PLAIN -a username imap-server

And so on...

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



More information about the CentOS mailing list