Re: PLAIN authentication timsieved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok thank you for your help,

I've tried the allowplaintext: yes but the proxy sieve server I use is
still complaining !

I don't know why? I've done a tcp/ip trace of data transmission between
proxy and sieve cyrus server and the only thing I see is that :

Data (41 bytes)
0000  41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c   AUTHENTICATE "PL
0010  41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47   AIN" "AGltYXAyAG
0020  6c 74 59 58 41 79 22 0d 0a                        ltYXAy"..

Data (22 bytes)
0000  4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c   OK "Logout Compl
0010  65 74 65 22 0d 0a                                 ete"..


How could I debug this ?


Raphael Jaffey wrote:
> Sorry, we use this setting in our environment as we're using stunnel  
> for sieved connections rather than its built in TLS support.
> 
> The relevant parts of our current config read:
> 
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> 
> 
> allowplaintext: no
> sasl_minimum_layer: 128
> sieve_allowplaintext: yes
> sieve_sasl_minimum_layer: 0
> 
> tls_cert_file: <some-path>
> tls_key_file: <some-path>
> tls_ca_file: <some-path>
> tls_cipher_list: !ADH:MEDIUM:HIGH
> 
> sieve_tls_cert_file: disabled
> 
> 
> 
> In your case, assuming you don't want PLAIN in the clear, I should  
> think the following would suffice:
> 
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> 
> 
> allowplaintext: no
> sasl_minimum_layer: 128
> 
> tls_cert_file: <some-path>
> tls_key_file: <some-path>
> tls_ca_file: <some-path>
> tls_cipher_list: !ADH:MEDIUM:HIGH
> 
> This assumes that your sieve client supports TLS.
> 
> Quoting Raphael Jaffey <rjaffey@xxxxxxxxx>:
> 
>> sieve_allowplaintext: yes
>>
>> Quoting Mathieu Kretchner <mathieu.kretchner@xxxxxxxxxxxxxxx>:
>>
>>> Hello,
>>>
>>> I would like to allow connection to sieved server with PLAIN mechanism.
>>> But my configuration seems to already have this. What do I miss ?
>>>
>>> Cyrus is 2.2.12
>>> here is my imapd.conf :
>>>
>>> configdirectory: /data/imap
>>> partition-default: /data/imap/spool
>>> servername: imap-sop.inria.fr
>>> admins: cyrus
>>> hashimapspool: yes
>>> duplicatesuppression: no
>>> sasl_pwcheck_method: saslauthd
>>> allowanonymouslogin: no
>>> tls_session_timeout: 0
>>> allowapop: 0
>>> sasl_mech_list: PLAIN
>>> sieveuserhomedir: no
>>> sievedir: /data/imap/sieve
>>> sieve_maxscripts: 8
>>> sieve_maxscriptsize: 640
>>> sendmail: /usr/sbin/sendmail
>>> tls_ca_file: /data/imap/ssl/ca.crt
>>> tls_cert_file: /data/imap/ssl/server.crt
>>> tls_key_file:  /data/imap/ssl/server.key
>>> tls_ca_path: /data/imap/ssl
>>>
>>> Thank you
>>>
>>>
>>
>>
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
> 
> 
> 
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
begin:vcard
fn:Mathieu Kretchner
n:Kretchner;Mathieu
org:INRIA;Syslog
adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX
email;internet:mathieu.kretchner@xxxxxxxxxxxxxxx
tel;work:04 92 38 76 67
x-mozilla-html:FALSE
version:2.1
end:vcard

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux