saslauth problem / imap login does not work *fixed?*
Michael Schmitt
m.schmitt at hardworx-online.net
Tue Mar 15 00:28:41 CET 2005
Maybe final conclusion ;) a friend of mine helped me to debug the actual
problem. It is more or less unrelated to things that were suggested.
Here it is:
On monday, 14.03.2005, 23:35 +0100 Maurice Massar (from the university
of Karlsruhe/Germany) wrote:
hi,
I've seen "saslauthd: Domain/Realm not available" errors in the log too,
but I've been able to successfully authenticate and still get these.
First, I tried to login without SSL/TLS, and this failed with the real
error message being in /kolab/var/imapd/log/misc.log:
# /kolab/bin/imtest localhost -a test -w 1234 -v -m plain
<notice> imap[25826]: badlogin: kolab [127.0.0.1] PLAIN [SASL(-16):
encryption needed to use mechanism: security flagsdo not match required]
Ok, lets use ssl:
/kolab/bin/imtest localhost -a test -w 1234 -v -m plain -t ""
and it still fails:
<notice> imap[25835]: cross-realm login test at kolab.tcw.local denied
<notice> imap[25835]: badlogin: kolab [127.0.0.1] PLAIN [SASL(-13):
authentication failure: cross-realm login test at kolab.tcw.local denied]
I noticed that /kolab/etc/imapd/imapd.conf only includes
loginrealms: tcw.local
so I changed my test command again:
/kolab/bin/imtest localhost -a test at tcw.local -w 1234 -v -m plain -t ""
S: A01 OK Success (tls protection)
and it works (:
conclusion:
1) use SSL/TLS
2) login with user at domain instead of just user
cu
maurice
Some additional notes:
In conclusion 2) of Maurice, "user" refers to the actual uid of that
user. IF there is no seperat uid and the uid is just the primary
emailaddress... that could led to some really weird stuff. I did not
test that issue completely though. But I am really amazed that so less
people seem to stumble across that.
It may be a good idea to note that somewhere in the docs or (what I
would prefer) fix the real problem behind that issue. There is already a
bugreport concerning this at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298902
This bug is not only debian-related, as it seems it is in the upstream
release too. Maybe it is just a wishlist report, but in combination with
Kolab it can be really nasty ;) There is also a diff concerning this. It
was reported that this is already fixed in the new cyrus22 release
though.
What is (may be) left... saslauthd: Domain/Realm not available... as it
seems it does not cause any problems here, but a "fix" would be great
nevertheless.
regards
Michael
More information about the users
mailing list