Auth problems with cyrus + sasl + ldap
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus21-imapd (Ubuntu) |
Incomplete
|
Medium
|
Unassigned |
Bug Description
Friday I upgraded my server to breezy. After that, I got problems with
authentication in cyrus/imap.
I'm using sasl to authenticate clients; in turn, sasl use pam_ldap.
Before upgrade all worked fine; after, sometimes auth succeeded while other
times failed.
Finally, I discovered where was the problem: each instance of imapd correctly
authenticate only its first connection. All subsequent connections will get a
'badlogin' reply, like that row, grepped from /var/log/syslog:
Oct 17 11:25:04 localhost cyrus/imapd[20650]: badlogin:
net84-253-
found: checkpass failed
So, I set my /etc/cyrus.conf with lines like this one:
imaps cmd="imapd -s -U 1" listen="imaps" prefork=0 babysit=5
where the -U flag tells imapd to use each instance for one connection only and
then exit.
Doing this, things goes better: connection now don't crash, even if from time to
time, I get on my syslog lines these ones:
Oct 18 18:30:52 localhost cyrus/imapd[19506]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
Oct 18 18:31:00 localhost cyrus/imapd[19506]: badlogin:
net84-253-
authentication failure: checkpass failed
Oct 18 18:31:16 localhost cyrus/imapd[19506]: login:
net84-253-
That 'badlogin', however, seems not to cause problems to the connection (except
some delay...)
Changed in cyrus21-imapd: | |
status: | Unconfirmed → Confirmed |
Changed in cyrus21-imapd: | |
assignee: | tfheen → nobody |
Matthias, is this possibly? related to your gnutls fix?