[Web-cyradm] NO, Login failed: authentication failure

Marcel Hartmann (privat) mail at marcel-hartmann.com
Wed Feb 20 19:55:37 CET 2008 

Hello,

> What is wrong? Why can I log in as cyrus but not as admin?
> 
> # sasldblistusers2
> cyrus at sladekundsoehne.de: userPassword
> administrator at sladekundsoehne.de: userPassword

Have you try to look like this?

#testsaslauthd -u username -p password?

If you use cyradm, you log in per IMAP Protokoll, butyou must have the User in sasldb (mysql in the web-cyradm case!)
So configure your saslauthd or your auxprob pligin to look up usernames in mysql Database and try to test with testsaslauthd.

This should look like this:

# testsaslauthd -u domain.tld0001 -p <yourpassword>
0: OK "Success."

Webcyradm is usinf Prefixes for Usernames like domain.tld0001 to 0010 and so on.

If you use cyradm, and tell it to use PLANTEXT, there must be a imapd.conf entry witch says the
Cyrus Server thst PLANTEXT AUTH is ok and would be used. 

#less /etc/imapd.conf
...
sasl_pwcheck_method: saslauthd
sasl_mech_list: LOGIN PLAIN
...
admins: cyrus
postmaster: postmaster
allowanonymouslogin: no
allowplaintext: yes
...
unixhierarchysep: yes         <- if you have in webcyradm config.php ($mail_domain_AS_PREFIX=1;) enabled you must enable this too !!!
...

And to work correctly look at /etc/cyrusd.conf. There must be thomethink like this to allow logins as cyrus user from localhost per cyrus and deny them from extern IP Adresses to only allow virtual users to login. Only cyrus user has permissions to admin with cyradm or web-cyradm!!!

Less /etc/cyrus.conf
SERVICES {
  imap          cmd="imapd" listen="imap" prefork=5
  imaplocal     cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  imapslocal    cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0
  sievelocal    cmd="timsieved -C /etc/imapd-local.conf" listen="127.0.0.1:sieve" prefork=0

...

}

#man cyrus.conf says:

listen=<no default>
            The UNIX or internet socket to listen on.  This string field is required and takes one of the following forms:

            path
            [ host : ] port

            where path is the explicit path to a UNIX socket, host is either the hostname or bracket-enclosed IP address  of
            a network interface, and port is either a port number or service name (as listed in /etc/services).

As you can see there can be more than one imapd.conf config's to give all loginmethods other parameters to secure the server as you can. :-) Have you enabled the administrator user from your localhost? I ask because you have this error message:

root at domain:~# cyradm --user administrator --server localhost --auth plain
Password:
IMAP Password:
               Login failed: authentication failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
cyradm: cannot authenticate to server with plain as administrator

if you'll disable the cyrus or administrator User from a servicem like imaplocal, in the specified imapd-local.conf file you must disable the Paramater: admins: cyrus. Look at this tutorial: http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/cyrus-config.html. And for better understanding, use this web-cyradm howto but look at your Distributions Documents to get the latest Configuration Paramaters for your Serversoftware because this Tutorial is a little bit older. But the Way to get web-cyradm working is the same until now, there can only be one or two new parameters to have a look at witch aren’t named in the HowTo from Luc. :-)

Regards
Marcel

________________________________________

marcel hartmann  	    webdeveloper
bokeler landstrasse 24a     26215 wiefelstede
www  	              www.marcel-hartmann.com      
e-mail 	mail [at] marcel-hartmann [dot] com

More information about the Web-cyradm mailing list