CRAM-MD5 w/ Cyrus IMAP ...

Marc G. Fournier scrappy@hub.org
Wed, 23 Jan 2002 09:57:16 -0400 (AST)


Morning all ...

	We just recently upgraded to Horde2/IMP3/Turba1 and have hit one
problem that I can't seem to find a resolution for, even after searching
for CRAM-MD5 related messages in MARC ...

	We are running Apache 1.3.22, PHP4.1.1, c-client (imap-2001a),
cyrus IMAP 2.0.16 and cyrus SASL 1.5.24 ... from the archives, in
particular:

	http://marc.theaimsgroup.com/?l=imp&m=99894099805331&w=2

	I gather that the newest c-client with PHP 4.1.1 shouldn't
generate the error, but with the above config, I'm still getting:

Warning: Retrying CRAM-MD5 authentication after authentication failure
(errflg=1) in Unknown on line 0

	Now, I saw Chuck's message about checking linkage.h, and it
appears to be okay:

sales# locate linkage.h
/usr/local/include/c-client/linkage.h
sales# grep AUTH `!!`
grep AUTH `locate linkage.h`
extern AUTHENTICATOR auth_md5;
extern AUTHENTICATOR auth_pla;
extern AUTHENTICATOR auth_log;
sales#

	On the IMAP side, I'm using sasldb for authentication:

sasl_pwcheck_method: sasldb

	And, according to sasldblistuser, I do have a CRAM-MD5 password:

user: scrappy realm: sales.org mech: PLAIN
user: scrappy realm: sales.org mech: CRAM-MD5
user: scrappy realm: sales.org mech: DIGEST-MD5

	Now, looking at /var/log/messages on the mail server side of
things, it appears that I *have* successfully logged in, and then it
fails?

Jan 23 08:50:27 sales imapd[59185]: login: sales.org[64.49.215.185] scrappy CRAM-MD5 User logged in
Jan 23 08:50:35 sales imapd[59185]: badlogin: sales.org[64.49.215.185] CRAM-MD5 authentication failure [incorrect digest response]

	But, if I click on 'Login to Mail' from the error screen and
re-login, same userid/passwd, it then logs in with CRAM-MD5 again, but no
second line with the failure:

Jan 23 08:52:34 sales imapd[60322]: login: sales.org[64.49.215.185] scrappy CRAM-MD5 User logged in
Jan 23 08:52:34 sales imapd[60322]: login: sales.org[64.49.215.185] scrappy CRAM-MD5 User logged in
Jan 23 08:53:39 sales imapd[60439]: login: sales.org[64.49.215.185] scrappy CRAM-MD5 User logged in

	So, CRAM-MD5 *is* working, but there is a failure being generated
on the initial login ...

	Thoughts?  Stuff to try?