
Re: Problems Enabling Authentication using Cyrus SASL



Fernando Torrez <fernando_torrez@hotmail.com> writes:

> Hi all
>
>   I finally got cyrus-imapd working with cyrus-sasl (and with openldap as
> backend to authenticate users).
> I did telnet tests to both pop and imap services from localhost and they
> worked great,
> but when I tried to do the same tests from another machine authentication fails:
>
> mail:~ # telnet 192.168.1.1 143
> Trying 192.168.1.1...
> Connected to 192.168.1.1.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=CRAM-MD5 AUTH=
> LOGIN AUTH=DIGEST-MD5 SASL-IR COMPRESS=DEFLATE] firewall Cyrus IMAP v2.3.16
> server ready
> imap LOGIN test secret1       
> imap NO Login failed: authentication failure

this shouldn't be LOGIN but AUTHENTICATE

> . logout
>
> I checked logs and found that openldap got authcid as: 'cyrus@joan.com.bo'
> instead of only 'cyrus' (my new proxyuser) (LOGS below)
> I have joan.com.bo configured in another linux server with named service
> installed and running for the LAN,
> so I think that when doing pop and imap tests from any other computer on the
> LAN but localhost, the user sent from telnet to the server is filled up with
> that domain.
>
> Is there a way to bypass this? or a way to fix this problem?
>
> I know that cyrus-imapd can handle more than 1 domain, so I guess that it's
> probably a misconfiguration in openldap or cyrus imapd (CONFIGURATION FILES
> below)

man slapd.conf(5) and ldap.conf(5), you may define and propagate a
sasl-realm

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
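
Added example, not part of the original mail: the banner quoted above advertises AUTH=PLAIN and SASL-IR, so a SASL test of the kind suggested in the reply can be typed as a single AUTHENTICATE PLAIN line carrying the RFC 4616 message. The function names are hypothetical, the credentials are the test values from the quoted session, and the split at '@' only illustrates the user@realm form seen in the log, not Cyrus or OpenLDAP code.

```python
import base64


def plain_initial_response(authcid, password, authzid=""):
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, base64-encoded.

    base64 is an encoding, not encryption: on a cleartext telnet session
    the password is as exposed as it is with the IMAP LOGIN command.
    """
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def authenticate_line(tag, authcid, password, authzid=""):
    """One-line IMAP command; usable only when the server advertises SASL-IR."""
    token = plain_initial_response(authcid, password, authzid)
    return f"{tag} AUTHENTICATE PLAIN {token}"


def decode_plain(token):
    """Split a received PLAIN message back into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def split_realm(authcid):
    """Split 'user@realm' at the last '@'; realm is None for a bare user name."""
    user, sep, realm = authcid.rpartition("@")
    return (user, realm) if sep else (authcid, None)


if __name__ == "__main__":
    # Test credentials taken from the quoted telnet session.
    line = authenticate_line("imap", "test", "secret1")
    print(line)
    print(decode_plain(line.rsplit(" ", 1)[1]))
    # The identity OpenLDAP logged versus the one that was expected.
    print(split_realm("cyrus@joan.com.bo"), split_realm("cyrus"))
```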