cyrusimap / cyrus-sasl


Realm is apparently not being passed from cyrus-imapd to saslauthd #785

Closed archaro closed 1 year ago

archaro commented 1 year ago

This is starting to make me cry.

I'm having awful trouble authenticating through imap. I am using cyrus-imapd, cyrus-sasl, and pam-mysql, running on Ubuntu 22.04.

Relevant options in my imapd.conf:

```
sasl_mech_list: LOGIN PLAIN
loginrealms: example.org
defaultdomain: example.org
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
```

I'm running saslauthd like this:

```
saslauthd -Vd -a pam -m /var/spool/postfix/var/run/saslauthd -r
```

Testing with testsaslauthd is fine:

```
testsaslauthd -u test -p test -r example.org -s imap -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."
```

auth.log contains:

```
:auth success: [user=test@example.org] [service=imap] [realm=example.org] [mech=pam]
```

However, testing with imtest is an occasion of great sadness:

```
/usr/lib/cyrus/bin/imtest -a test -r example.org -w test
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=LOGIN AUTH=PLAIN SASL-IR] www.example.org Cyrus IMAP 3.4.3-dirty-Debian-3.4.3-3build2 server ready
C: A01 AUTHENTICATE PLAIN AHRlc3QAdGVzdA==
S: A01 NO authentication failure
Authentication failed. generic failure
Security strength factor: 0
```

auth.log contains:

```
:auth failure: [user=test] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
```

If I run imtest with a user with no domain (eg the cyrus admin user), the login is successful.

Comparing the entries in auth.log, it would appear that the realm is being passed by testsaslauthd, but not being passed by imtest.

I am now going round in circles and getting desperate. I feel certain that I'm missing a config option in imapd.conf, but I can't work out what it is...

archaro commented 1 year ago

Problem solved, and it was, as I expected, a configuration problem.

The magic words are:

```
virtdomains: userid
defaultdomain:
logonrealms:
```

In other words, defaultdomain should not be set. The value of logonrealms in this context is irrelevant.
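
The `AUTHENTICATE PLAIN` token in the imtest session above can be decoded to see exactly which identity the client put on the wire. This is an added example, not part of the original thread: `decode_plain` and `split_realm` are hypothetical helper names, the second token is constructed for comparison, and splitting the realm at the last `@` is an assumption made for illustration.

```python
import base64


def decode_plain(token: str) -> tuple[str, str, str]:
    """Decode a SASL PLAIN response (RFC 4616): [authzid] NUL authcid NUL passwd.

    The token is only base64-encoded, so the password is recoverable by
    anyone who sees it; treat captured tokens like cleartext credentials.
    """
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(parts)}")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authcid")
    return authzid, authcid, passwd


def split_realm(authcid: str) -> tuple[str, str]:
    """Assumption for illustration: the realm is whatever follows the last '@'."""
    user, sep, realm = authcid.rpartition("@")
    return (user, realm) if sep else (authcid, "")


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> str:
    """Build a PLAIN response, used here to construct a comparison token."""
    raw = b"\x00".join(s.encode("utf-8") for s in (authzid, authcid, passwd))
    return base64.b64encode(raw).decode("ascii")


# Token copied from the imtest session in the thread.
THREAD_TOKEN = "AHRlc3QAdGVzdA=="
# Constructed sample: the same login with the domain inside the authcid.
QUALIFIED_TOKEN = encode_plain("test@example.org", "test")

if __name__ == "__main__":
    for label, token in (("thread", THREAD_TOKEN), ("constructed", QUALIFIED_TOKEN)):
        authzid, authcid, _ = decode_plain(token)
        user, realm = split_realm(authcid)
        print(f"{label}: authzid={authzid!r} authcid={authcid!r} "
              f"-> user={user!r} realm={realm!r}")
```

The thread's token carries only `test` as the authcid, with no domain part, which matches the `[user=test] ... [realm=]` line in auth.log.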