Can’t login to Cyrus IMAP with domain name in username, can if I don’t qualify with domain name

cyrus imap sasl

I'm trying to install Cyrus with SASL for authentication. I'm struggling to get logins to work properly, though. I'm trying to set up virtual hosting, as we'll have several domains' worth of email on this host.

In my imapd.conf:

sasl_pwcheck_method: auxprop
virtdomains: true
defaultdomain: fqdn.example.com

From sasldblistusers2:

matt@fqdn.example.com: userPassword

I have a mailbox called user.matt, and I tried creating user.matt@fqdn.example.com and I got an error saying the mailbox already exists. With this setup, I am able to log in using imtest localhost -m DIGEST-MD5 -a matt; however, I am unable to log in using imtest localhost -m DIGEST-MD5 -a matt@fqdn.example.com. There is also no UNIX user called matt on the system. Does anyone have any idea what I am missing?

Exact error from syslog:

imap[23310]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

Best Answer

Do you have this in your imapd.conf?

loginrealms: fqdn.example.com

(imapd.conf man page tells you this):

   loginrealms: <empty string>
        The list of remote realms whose users may authenticate using cross-realm authentication identifiers.  Separate each realm name by a space.
        (A cross-realm identity is considered any identity returned by SASL with an "@" in it.) Note that to support multiple virtual domains on the
        same interface/IP, you need to list them all as loginrealms.  If you don’t list them here, your users probably won’t be able to log in.
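
The following check is an added example, not part of the original answer or of Cyrus itself: it applies the man page rule quoted above by comparing the realms found in `sasldblistusers2` output against `loginrealms` in `imapd.conf`. The function names, the second domain `mail.example.org` and the user `anna` are constructed for illustration, and the parser assumes plain `option: value` lines.

```python
"""Flag sasldb realms that are missing from loginrealms in imapd.conf."""

def parse_imapd_conf(text):
    """Parse 'option: value' lines; blank lines and '#' comments are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            options[key.strip()] = value.strip()
    return options

def sasldb_realms(listing):
    """Map realm -> [users] from 'user@realm: userPassword' lines."""
    realms = {}
    for line in listing.splitlines():
        identity = line.split(":", 1)[0].strip()
        user, at, realm = identity.rpartition("@")
        if at and user and realm:
            # Assumption: realms are DNS names, so compare case-insensitively.
            realms.setdefault(realm.lower(), []).append(user)
    return realms

def unlisted_realms(conf_text, listing):
    """Return {realm: users} for sasldb realms absent from loginrealms."""
    conf = parse_imapd_conf(conf_text)
    allowed = {r.lower() for r in conf.get("loginrealms", "").split()}
    found = sasldb_realms(listing)
    return {realm: users for realm, users in found.items() if realm not in allowed}

# Constructed inputs: the question's config, then the answer's fix applied.
QUESTION_CONF = (
    "sasl_pwcheck_method: auxprop\n"
    "virtdomains: true\n"
    "defaultdomain: fqdn.example.com\n"
)
FIXED_CONF = QUESTION_CONF + "loginrealms: fqdn.example.com\n"
# First line is from the question; the second is a constructed extra domain.
SASLDB_LISTING = (
    "matt@fqdn.example.com: userPassword\n"
    "anna@mail.example.org: userPassword\n"
)

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("fixed", FIXED_CONF)):
        for realm, users in sorted(unlisted_realms(conf, SASLDB_LISTING).items()):
            print(f"[{label}] {realm} not in loginrealms; affected: {', '.join(users)}")
```

With the fix applied, only the constructed second domain is still reported, which is the "list them all" case the man page warns about.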