Cyrus SASL

I run a Gentoo server which, among other things, acts as an email server with IMAP and SMTP access. Both protocols are protected by TLS and I run the Cyrus SASL authentication layer underneath.

This section is not so much a setup guide as a collection of troubleshooting hints. Cyrus SASL has a habit of being notoriously difficult to set up and just as difficult to debug should it ever fail. However, once it is set up properly, it is as stable as a rock, so.. :)

Here's a collection of the various errors I've encountered and the solutions I found:

Login Problems

If the server fails to authenticate you even when you know that your user is present in the sasl database, have a look in '/var/log/messages' and see if you can find anything like this:

  badlogin: port621.ds1-ynoe.adsl.cybercity.dk [217.157.176.252] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

Note that if you (like me) use the sasldb2 for authentication rather than saslauthd, this will be logged by the program trying to authenticate you (in my case, 'imap' or 'smtp'). What it is saying here is that the SASL database does not contain an entry for the specified user. Most likely, you have not created the user properly, but there is another reason it might fail with this message:

Access rights to the sasldb2 file

Verify that the user that the server program is running as has access to the sasldb2 file.
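
One way to run this check from the shell, as an added example that is not part of the original page: it reports whether a given account can read the database according to the file's owner, group and mode bits, and also flags a world-readable file, since sasldb2 holds the secrets that mechanisms such as DIGEST-MD5 verify against. The function names, return codes and the placeholder path and account in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Decides from owner, group and
# mode as printed by `ls -ldn`; ACLs and parent directories are not checked.

# can_read PERMS FILE_UID FILE_GID USER_UID "USER_GIDS"
# PERMS is the ls mode string, e.g. -rw-r-----
can_read() {
    perms=$1 fuid=$2 fgid=$3 uuid=$4 ugids=$5
    [ "$uuid" -eq 0 ] && return 0                 # root bypasses mode bits
    if [ "$uuid" -eq "$fuid" ]; then              # owner class applies alone
        case $perms in ?r*) return 0 ;; *) return 1 ;; esac
    fi
    for g in $ugids; do
        if [ "$g" -eq "$fgid" ]; then             # group class applies
            case $perms in ????r*) return 0 ;; *) return 1 ;; esac
        fi
    done
    case $perms in ???????r*) return 0 ;; *) return 1 ;; esac
}

# check_sasldb FILE USER
# returns 0 = fine, 1 = USER cannot read FILE,
#         2 = readable, but by every local account, 3 = no such file or user
check_sasldb() {
    file=$1 user=$2
    uuid=$(id -u "$user" 2>/dev/null) || return 3
    ugids=$(id -G "$user")
    [ -e "$file" ] || return 3
    set -- $(ls -ldn "$file")                     # $1 mode, $3 uid, $4 gid
    if ! can_read "$1" "$3" "$4" "$uuid" "$ugids"; then
        echo "$user cannot read $file (mode $1, uid $3, gid $4)" >&2
        return 1
    fi
    case $1 in ???????r*)
        echo "$file is world-readable; it stores the users' secrets" >&2
        return 2 ;;
    esac
    return 0
}

# Usage (placeholders): check_sasldb /path/to/sasldb2 <account the daemon runs as>
```

A result of 1 is the access problem described above; a result of 2 means the daemon can read the file but so can every other local account, which usually comes from loosening the mode instead of fixing the file's owner or group.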

setup/gentoo/server/cyrus_sasl.txt · Last modified: 2010/03/08 21:03 by fronck
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported