# cyrus-imapd ... should I give up ?!?

## VANSCHELVE

Hello together!

I hope someone of you can help me with this problem here...

I emerged cyrus-imapd with its dependency cyrus-sasl.

After I did so, I tried to start /etc/init.d/saslauthd but got an error message that the /var/lib/sasl2 directory did not exist... so I created it. After I did so, saslauthd came up.

Then I tried to set the password for cyrus with saslpasswd2 cyrus. After entering and confirming the password I got an error message as follows:

Could not set secret for cyrus

saslpasswd2: generic failure

authd.log tells me this:

Sep 28 17:16:01 serv001 saslpasswd2: unable to open Berkeley db /etc/sasl2/sasldb2: No such file or directory

so I created the directory

saslpasswd2 seems to work now, and sasldblistusers2 as well

At this point I tried to test cyradm as follows...

cyradm --user cyrus localhost

cyradm: cannot authenticate to server with  as cyrus

authd.log tells me this here:

Sep 28 17:18:50 serv001 imapd[12610]: unable to open Berkeley db /etc/sasl2/sasldb2: Permission denied

Sep 28 17:18:50 serv001 imapd[12610]: no OTP secret in database

Sep 28 17:18:53 serv001 perl: No worthy mechs found

OK. I changed the permissions of /etc/sasl2/sasldb2 this way:

chown cyrus:mail /etc/sasl2/sasldb2

And now I have no idea what else I can do. This is the output of:

cyradm --user cyrus localhost

cannot authenticate to server with  as cyrus

And this is the output of /var/log/authd.log

Sep 28 17:24:16 serv001 perl: No worthy mechs found

and /var/log/messages

Sep 28 17:24:13 serv001 imapd[12618]: badlogin: localhost[127.0.0.1] OTP [SASL(-13): authentication failure: External SSF not good enough]

So please... can any of you help me???  :Rolling Eyes: 

----------

## maxpower

Is there any reason you want to use the sasl database for your passwords? You can have saslauthd use pam for authentication if you want. Otherwise, I don't know how to fix your sasldb problem, I use pam.

mAx

----------

## VANSCHELVE

All right mAx. But I'm not so professional in Linux authentication methods. So, how do I enable pam for cyrus? When I use pam, can I remove cyrus-sasl?

thanx, Hans-Gerd van Schelve

----------

## maxpower

No, you still need cyrus-sasl as it provides an authentication layer between imapd and pam. Just set up saslauthd to use pam for authentication (i.e. saslauthd -a pam...I don't have it installed right now but I believe that is the right option, man it to be sure). I believe there may also be a saslauthd.conf file, check it too, and maybe your master.conf and imapd(cyrus).conf. I am sorry I am giving you so many files to look at but I don't have it installed currently. If you need more help, just post any part of the above files that mention authentication or sasl so I can jog my memory.

mAx

----------

## VANSCHELVE

I tried what you suggested, mAx, but it did not help...

I played around a bit with the imapd.conf file and changed the entry

allowplaintext: from no to yes and now I can log in as cyrus....

But is that what I really want to do???

I don't think so. But because it works this way, I think there is a problem with password encryption for my sasl?

What is it that I have to do?

You asked me for my configuration files. Here they are:

-------------------------------------------------------------------------------

/etc/imapd.conf

-------------------------------------------------------------------------------

```
hashimapspool:          yes
allowanonymouslogin:    no
allowplaintext:         yes
admins:                 cyrus
partition-default:      /var/spool/imap
sievedir:               /var/imap/sieve
configdirectory:        /var/imap
sasl_pwcheck_method:    saslauthd
```

-------------------------------------------------------------------------------

/etc/cyrus.conf

-------------------------------------------------------------------------------

```
START {
  recover       cmd="ctl_cyrusdb -r"
}

SERVICES {
  imap          cmd="imapd" listen="imap2" prefork=0
  pop3          cmd="pop3d" listen="pop-3" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
prefork=1
}

EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="ctl_deliver -E 3" period=1440
  tlsprune      cmd="tls_prune" period=1440
}
```

-------------------------------------------------------------------------------

And lastly the /etc/conf.d/saslauthd

-------------------------------------------------------------------------------

```sh
SASL_AUTHMECH=pam
SASL_RIMAP_HOSTNAME=""
SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes

# Expansions are quoted: with an unquoted empty value, "[ -n ]" succeeds
# and the option would be appended anyway.
[ -n "${SASL_AUTHMECH}" ] && \
        SASLAUTHD_OPTS="-a ${SASL_AUTHMECH}"
[ -n "${SASL_RIMAP_HOSTNAME}" ] && \
        SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -H ${SASL_RIMAP_HOSTNAME}"
[ -n "${SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS}" ] && \
        SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -T"
```

........................

So again, any ideas?

Thanx a lot

Hans-Gerd van Schelve

----------

## maxpower

Thanks for jogging my memory. I know plain text passwords are generally bad, but this is what I had to do to get mine to work as well. It really depends on your network setup as to how bad of an idea this is; you could use SSL to secure the imap traffic. I am not really sure how to do this, but I believe it is either built into cyrus or it isn't, but if it is you should be able to simply tell your client to use SSL to connect to imap (ssl is a USE option for cyrus-imapd). If you have kde you can use kmail to find out if SSL is available from your imap server. Let me know if you need more!

mAx

----------
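The posts above end up with `allowplaintext: yes` in imapd.conf and a hand-adjusted `/etc/sasl2/sasldb2`. As an added example (not code from any poster or from the Cyrus project), this shell script reports on both. It assumes the Cyrus 2.x option names `tls_cert_file` and `tls_key_file`; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two things the thread
# changed by hand, allowplaintext in imapd.conf and sasldb2 permissions.

# Print the value of option $2 from config file $1. If the option is
# repeated, the last line is reported (a choice made for this example).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Classify the plaintext-login setting of imapd.conf file $1.
audit_plaintext() {
    plain=$(conf_get "$1" allowplaintext | tr 'A-Z' 'a-z')
    cert=$(conf_get "$1" tls_cert_file)
    key=$(conf_get "$1" tls_key_file)
    case $plain in
        "") echo "UNSET: default depends on the Cyrus version" ;;
        yes|y|true|t|on|1)
            if [ -n "$cert" ] && [ -n "$key" ]; then
                echo "WARN: plaintext allowed, TLS available"
            else
                echo "FAIL: plaintext allowed, no TLS certificate configured"
            fi ;;
        *) echo "OK: plaintext logins disabled" ;;
    esac
}

# Classify the permissions of secrets database $1 (e.g. sasldb2).
audit_sasldb() {
    if [ ! -e "$1" ]; then
        echo "MISSING"
    elif [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo "FAIL: accessible to other users"
    else
        echo "OK: not accessible to other users"
    fi
}

# Constructed demo input mirroring the imapd.conf posted above.
demo=$(mktemp -d)
printf 'allowplaintext:         yes\nsasl_pwcheck_method:    saslauthd\n' \
    > "$demo/imapd.conf"
: > "$demo/sasldb2"; chmod 644 "$demo/sasldb2"
audit_plaintext "$demo/imapd.conf"
audit_sasldb "$demo/sasldb2"
rm -rf "$demo"
```

On a real server the two functions would be pointed at `/etc/imapd.conf` and `/etc/sasl2/sasldb2`.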

## kip

I have similar problems on my system. I can't log in with cyradm, not even when I activate plaintext in imapd.conf. When I try to set a password for "cyrus" with saslpasswd2, the following appears in the syslog:

Oct  8 17:07:35 [saslpasswd2] error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found

Oct  8 17:07:35 [saslpasswd2] error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found

Oct  8 17:07:35 [saslpasswd2] error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found

Oct  8 17:07:35 [saslpasswd2] OTP: set secret for cyrus

and when I try to log in with cyradm --user cyrus localhost, this appears:

Oct  8 17:07:47 [imapd] mysql plugin couldnt connect to any host 

Oct  8 17:07:47 [imapd] mysql plugin couldnt connect to any host 

Oct  8 17:07:47 [imapd] badlogin: localhost[127.0.0.1] OTP [SASL(-13): authentication failure: External SSF not good enough]

Oct  8 17:07:50 [perl] No worthy mechs found

any ideas ??

----------

## logiqal

I'm not sure if you guys know this or not.  It confused me for some time, that's for sure.  I'm not sure if I'm stupid for not realizing this, or what.

When you run 'cyradm --user cyrus localhost' it won't prompt you for a password, it just waits (this is why I thought it wasn't working).  If you type in your password there that you did with the 'saslpasswd2 cyrus' it will work.  This works for me without plaintext passwords.

The only setting I ever changed was in "/etc/imapd.conf".  I uncommented the line "sasl_pwcheck_method:   saslauthd"

----------

## Scheich

 *logiqal wrote:*   

> I'm not sure if you guys know this or not.  It confused me for some time, that's for sure.  I'm not sure if I'm stupid for not realizing this, or what.
> 
> When you run 'cyradm --user cyrus localhost' it won't prompt you for a password, it just waits (this is why I thought it wasn't working).  If you type in your password there that you did with the 'saslpasswd2 cyrus' it will work.  This works for me without plaintext passwords.

 

oh my god, thank you so much for that hint! I could embrace you, I was close to eternal despair...  :Very Happy: 

----------

## metacove

I've run cyrus for many years and I am beginning to get frustrated with it. The setup and structure of courier-imap seems more appealing to me lately.

----------

## Scheich

Courier looked very appealing to me, I've taken the challenge and used the full courier-package to get the "fully integrated" system.

After setting up a lot (which is really quite nice) I started all the stuff, and tried the esmtpd. With my preferred SSL I couldn't do anything, it just hangs up with my balsa.

Over usual smtp/25 I could send mails nicely, but they all disappear in nirvana without any entry in the logs.

So I'm back to postfix, and therefore cyrus, which right now works quite beautifully for me, except for:

- enable POP3 without APOP, which might be needed by others

- integrate SpamAssassin and sieve-filtering

It sounds manageable at least.  :Smile: 

----------

## guero61

Courier was incredibly simple for me, but I just used the courier-imap with postfix/mutt.  Charming little setup, but may not be so easy for other installations.  Followed the Desktop Guide section 6.

----------

