Hi, You may check the following points. 1.) You set sasl_mech_list: plain The mechanism plain is an extra sasl library, you may have to install. You force the use of plain even if better mechanism would be availible, but if the sasl_plain library is not installed you have no mechanism for authendification at all. You can use imtest to debug the login procedure. The CAPABILITY string must say AUTH=PLAIN. 2.) Activate imaps and test the login with imtest -a USERID localhost imtest -t '' -a USERID localhost imtest -s -a USERID localhost 3.) if you use PAM, have a look in /etc/pam.d/imap , /etc/pam.d/imaps , /etc/pam.d/pop , /etc/pam.d/pops and /etc/pam.d/sieve if these files don't exist pam will use /etc/pam.d/other You may want to add "auth required pam_warn.so" and "account required pam_warn.so" to the pam configurations to monitor and debut the logins i hope i could help Quoting Sam Przyswa <samp@xxxxxxxxxxxxxxxxx>:
Michael Menge a écrit :Hi, check the settings for allowplaintextIt's set to yessasl_minimum_layerIt's set to 0in /etc/imapd.conf read the manpage for more details on these optionsOk but I don't find a way to devalidate the encryption on PLAIN password login as we have on your Courier server. We have about 300 users with there mail client configured in PLAIN password and our customer don't want change 300 users' PC. We have to first migrate 300 Courier-IMAP /Maildir accounts to Cyrus accounts and then make these accounts compatible with with our PLAIN password login mechanism. I think that needs should be not too hard to do. We have tested Dovecot and we don't encountered this kind of problem. Thanks for your help. I put in attachment our imapd.conf and cyrus.conf Sam.Quoting David.Addison@xxxxxxxxxxxx:-----Original Message-----From: info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Sam PrzyswaSent: Tuesday, July 24, 2007 11:44 PM To: Info Cyrus List Subject: Re: Basic configuration David.Addison@xxxxxxxxxxxx a écrit :Hi Sam Use saslauthd by adding the following lines to /etc/imapd.conf sasl_pwcheck_method: saslauthd sasl_mech_list: plainOk.Start saslauthd with /usr/sbin/saslauthd -a pam Or /usr/sbin/saslauthd -a shadow /usr/sbin/saslauthd -a getpwentI tried each option but I always got: badlogin: evelyne.arial-concept.com [172.16.0.118] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]There are other options which might work better on your system but this one works fine for me....yes ! Hi Sam,IIRC, I think this means that you need to have an encrypted connection to the mail server to use the PLAIN auth mechanism. However, I can't find anything in my config files that would affect this and I'm using unencrypted imap connections so I'm guessing. Perhaps someone else can comment.Dave ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html-------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316Universitaet Tuebingen Fax.: (49) 7071/29-5912Zentrum fuer Datenverarbeitung mail: michael.menge@xxxxxxxxxxxxxxxxxxxxWaechterstrasse 76 72074 Tuebingen ------------------------------------------------------------------------ ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html-- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@xxxxxxxxxxxxxxxxx -- Ce message a été vérifié par MailScanner pour des virus ou des polluriels et rien de suspect n'a été trouvé.
-------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge@xxxxxxxxxxxxxxxxxxxx Waechterstrasse 76 72074 Tuebingen
Hi, You may check the following points. 1.) You set sasl_mech_list: plain The mechanism plain is an extra sasl library, you may have to install. You force the use of plain even if better mechanism would be availible,but if the sasl_plain library is not installed you have no mechanism for authendification at all. You can use imtest to debug the login procedure.
The CAPABILITY string must say AUTH=PLAIN. 2.) Activate imaps and test the login with imtest -a USERID localhost imtest -t '' -a USERID localhost imtest -s -a USERID localhost 3.) if you use PAM,have a look in /etc/pam.d/imap , /etc/pam.d/imaps , /etc/pam.d/pop , /etc/pam.d/pops and /etc/pam.d/sieve
if these files don't exist pam will use /etc/pam.d/other You may want to add "auth required pam_warn.so" and "account required pam_warn.so" to the pam configurations to monitor and debut the logins i hope i could help Quoting Sam Przyswa <samp@xxxxxxxxxxxxxxxxx>:
Michael Menge a écrit :Hi, check the settings for allowplaintextIt's set to yessasl_minimum_layerIt's set to 0in /etc/imapd.conf read the manpage for more details on these optionsOk but I don't find a way to devalidate the encryption on PLAIN password login as we have on your Courier server. We have about 300 users with there mail client configured in PLAIN password and our customer don't want change 300 users' PC. We have to first migrate 300 Courier-IMAP /Maildir accounts to Cyrus accounts and then make these accounts compatible with with our PLAIN password login mechanism. I think that needs should be not too hard to do. We have tested Dovecot and we don't encountered this kind of problem. Thanks for your help. I put in attachment our imapd.conf and cyrus.conf Sam.Quoting David.Addison@xxxxxxxxxxxx:-----Original Message-----From: info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Sam PrzyswaSent: Tuesday, July 24, 2007 11:44 PM To: Info Cyrus List Subject: Re: Basic configuration David.Addison@xxxxxxxxxxxx a écrit :Hi Sam Use saslauthd by adding the following lines to /etc/imapd.conf sasl_pwcheck_method: saslauthd sasl_mech_list: plainOk.Start saslauthd with /usr/sbin/saslauthd -a pam Or /usr/sbin/saslauthd -a shadow /usr/sbin/saslauthd -a getpwentI tried each option but I always got: badlogin: evelyne.arial-concept.com [172.16.0.118] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required]There are other options which might work better on your system but this one works fine for me....yes ! Hi Sam,IIRC, I think this means that you need to have an encrypted connection to the mail server to use the PLAIN auth mechanism. However, I can't find anything in my config files that would affect this and I'm using unencrypted imap connections so I'm guessing. Perhaps someone else can comment.Dave ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html-------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316Universitaet Tuebingen Fax.: (49) 7071/29-5912Zentrum fuer Datenverarbeitung mail: michael.menge@xxxxxxxxxxxxxxxxxxxxWaechterstrasse 76 72074 Tuebingen ------------------------------------------------------------------------ ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html-- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@xxxxxxxxxxxxxxxxx -- Ce message a été vérifié par MailScanner pour des virus ou des polluriels et rien de suspect n'a été trouvé.
-------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912Zentrum fuer Datenverarbeitung mail: michael.menge@xxxxxxxxxxxxxxxxxxxx
Waechterstrasse 76 72074 Tuebingen
Attachment:
smime.p7s
Description: S/MIME krytographische Unterschrift
Attachment:
smime.p7s
Description: S/MIME krytographische Unterschrift
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
