On 1/22/08, Alexander Dalloz <ad+lists at uni-x.org> wrote:
> Alain Reguera Delgado wrote:
> > On 1/22/08, Alexander Dalloz <ad+lists at uni-x.org> wrote:
...
> >> Sure the CentOS 5 default cyrus.conf uses SASL auxprop with sasldb plugin?
> >>
> >
> > Don't know :(. I haven't touched /etc/cyrus.conf. Just /etc/imapd.conf
> > to use auxprop. Should I modify /etc/cyrus.conf ? This is my first
> > experience with sieve configuration.
> >
> Oh sorry. I meant imapd.conf when speaking about the SASL setup for
> cyrus-imapd. You may post your imapd.conf.

Here is the /etc/imapd.conf file.

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus cyrusadm
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
virtdomains: yes
defaultdomain: example.com
unixhierarchysep: yes

> >
> >>> From localhost, when trying imtest, authentication works fine ... I'm
> >>> using auxprop with sasldb2 here in a CentOS 5.0 box.
> >>>
> >>> Some idea ?
> >>>
> I wonder that `imtest' succeeds and `sivtest' fails. I think it would
> help if you provide an `imtest' run in verbose mode (parameter "-v").

Yep. See:

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] orion.example.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN al {15}
S: + go ahead
C: <omitted>
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.

> > ...
> >
> >> What does `sivtest' tell you?
> >>
> >
> > S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
> > S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> > imapflags notify envelope relational regex subaddress copy"
> > S: "STARTTLS"
> > S: OK
> > Authentication failed. generic failure
> > Security strength factor: 0
> > C: LOGOUT
> > Connection closed.
> >
> Ok. The server even fails to offer authentication properly. Please run
> it again in verbose mode with parameter "-v".

Not too much difference from previous one:

S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0
C: LOGOUT
Connection closed.

> >
> >> Try with non LOGIN nor PLAIN mech.
> >>
> >
> > How could we do that ?
> >
> man sivtest -> -m mech

Yep, but which method should we use after -m ... auxprop ?

> >
> >> Alexander
> >>
> >>
> >
> > Thank you very much Alexander
> >
> > ...
> You are welcome. Please be as specific about your cyrus-imapd setup as
> you can be. Providing config files and some more info is recommended. For
> instance please show us `ls -al /etc/sasldb'

-r--r----- 1 cyrus mail 12288 Jan 22 00:43 /etc/sasldb2

> and the output of
> `sasldblistusers2'.

al at orion.example.com: userPassword

> You are aware that you will always have realmed
> users? Means you won't have a user "al" but "al at realm" (the realm is
> your hostname if you don't specify a different one when running
> `saslpasswd2').

Yes, it is nice to remember that. This was one of the main reasons of
using auxprop. When this small mail server was configured, at the
beginning, this configuration used two virtual domains (i.e.,
example-1.com, example-2.com) plus the default one, example.com. With this, I
was able to set passwords to user at example-1.com and user at
example-2.com and user at example.com independently as completely
different users. Correct me if it is wrong, please. At this moment all
virtual domain accounts don't exist.

>
> Alexander
>

Cheers,
al.
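
Added example, not part of the original message or of Cyrus itself: a small Python check that parses a ManageSieve greeting such as the sivtest output quoted in this thread and reports which SASL mechanisms the server advertised before authentication. The function names and the second greeting are constructed for illustration; the "SASL" capability line is assumed to follow the same quoted-pair layout as the other lines.

```python
import re

# Greeting copied from the sivtest output quoted in this thread.
THREAD_GREETING = '''\
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
'''

# Constructed sample: a greeting that does advertise a mechanism.
CONSTRUCTED_GREETING = '''\
S: "IMPLEMENTATION" "Example timsieved"
S: "SASL" "PLAIN"
S: "SIEVE" "fileinto reject"
S: "STARTTLS"
S: OK
'''

# One capability per line: "NAME" optionally followed by "VALUE".
CAP_LINE = re.compile(r'^(?:S:\s*)?"([^"]+)"(?:\s+"([^"]*)")?\s*$')

def parse_greeting(text):
    """Return {capability name: value} for the lines before the server's OK."""
    caps = {}
    for line in text.splitlines():
        line = line.strip()
        if re.match(r'^(?:S:\s*)?OK\b', line):
            break  # end of the capability listing
        m = CAP_LINE.match(line)
        if m:
            caps[m.group(1).upper()] = m.group(2) or ""
    return caps

def diagnose(text):
    """Return (advertised mechanisms, list of findings) for one greeting."""
    caps = parse_greeting(text)
    mechs = caps.get("SASL", "").split()
    findings = []
    if not mechs:
        findings.append("no SASL mechanisms offered before authentication")
    elif "STARTTLS" in caps and set(mechs) <= {"PLAIN", "LOGIN"}:
        findings.append("only plaintext mechanisms offered; use STARTTLS first")
    return mechs, findings

if __name__ == "__main__":
    for name, greeting in (("thread", THREAD_GREETING),
                           ("constructed", CONSTRUCTED_GREETING)):
        print(name, diagnose(greeting))
```

Run against the greeting from this thread, it reports that no mechanism list was advertised at all, which is the condition the "generic failure" follows.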