Re: Cyrus Imap plaintext authentication with saslauth & PAM


 



Simon Matter wrote:
>> Hello everyone!
>>
>> I'm new to this mailing list, actually, this is the first mailing list
>> I've ever subscribed. :) So greetings to all from Hungary! (And excuse
>> my really bad English, please)
>
> Hi,
>
> allow me to give you two suggestions first:
>
> 1) Please configure your mailer to send mail in clear text, not html.
> Otherwise configure it to send both, text and html. Html only mails may
> have problems for some users to get read and some people are annoyed by
> html mails.
>
> 2)
> Always use the "reply" or "reply all" function of your mailer when
> replying to the list - and don't change the Subject of the mail. That way
> people can follow the thread of the discussion.

Thanks, will do!

>> I'm not sure if I can ask for help here, but I didn't find any answer
>> elsewhere, so trying this out.
>>
>> I have a postfix relay server and a (local) cyrus imap server on the
>> same machine. Everything was fine until I thought, I change the imap
>> authentication from sasldb to saslauth, to have global authentication
>> on postfix and cyrus.
>> Postfix uses saslauthd, which is configured for PAM. It works
>> perfectly, with plain/login/cram/digest mechanisms, with or without
>> tls/ssl, absolutely no problems with it. Saslauth tests are all fine
>> obviously.
>> So I decided to use this with cyrus imap too. Set it to use the same
>> saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs.
>> Since then, I can not login with plain or login mechs, because they
>> aren't being offered at all by cyrus imapd. I can login with cram or
>> digest fine.
>> I understand that plain login isn't offered by default, only after a
>> successful tls session setup, but if I understand correctly, the
>> "allowplaintext: yes" option should still force imapd to offer plain
>> logins. But it doesn't. I tried it with different sasl_min|max_levels,
>> to no avail.
>
> "allowplaintext: 1" should indeed enable plain. At least that works well
> for me. I expect you are using the packages from a distribution, maybe
> they have added some kind of "security" patches to make things more safe?
> Could you try with the following line in your cyrus config:
>
> sasl_mech_list: PLAIN
>
> Regards,
> Simon

yes, the server is running ubuntu 7.04 i386, 2.6.20-17-generic, and postfix and cyrus are installed via the ubuntu repositories.
ok, first, this is what I get with sasl_mech_list=plain login cram-md5 digest-md5:
imtest localhost
S: * OK some-server Cyrus IMAP4 v2.2.13-Debian-2.2.13-10ubuntu2 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + bm9uY2U9IjNpZnh<snip>09bWQ1LXNlc3M=
Please enter your password:
C: dXNlcm5hbWU9<snip>ZDg5YzA0ZGYDE0YmI5YjQ=
S: + cnNwYXV0aD<snip>RjYmQ5N2JjOA==
C:
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 128
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
syslog says:
Apr 24 09:56:27 localhost cyrus/imap[7030]: login: localhost [127.0.0.1] user DIGEST-MD5 User logged in


and this is with only PLAIN mech:
imtest localhost
S: * OK piller-server Cyrus IMAP4 v2.2.13-Debian-2.2.13-10ubuntu2 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN user {7}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.
Apr 24 10:02:25 localhost cyrus/imap[7147]: badlogin: localhost [127.0.0.1] plaintext user SASL(-1): generic failure: checkpass failed

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
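
Added example, not part of the original message and not code from the Cyrus project: a small Python parser for the CAPABILITY lines shown in the two imtest sessions above, reporting which SASL mechanisms the server advertises and whether a password could be sent without TLS. The capability strings are shortened, constructed copies of the ones in the message (the third is a hypothetical server), and the function and key names are assumptions.

```python
import re

# Constructed samples: shortened copies of the two CAPABILITY lines in the
# imtest sessions above, plus one hypothetical server that disables LOGIN.
WITH_MECH_LIST = "S: * CAPABILITY IMAP4 IMAP4rev1 IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR"
PLAIN_ONLY = "S: * CAPABILITY IMAP4 IMAP4rev1 IDLE STARTTLS"
LOGIN_OFF = "S: * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself


def parse_capability(line):
    """Return the upper-cased atoms of an untagged IMAP CAPABILITY response."""
    m = re.match(r"^(?:S:\s*)?\*\s+CAPABILITY\s+(.+)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return [atom.upper() for atom in m.group(1).split()]


def auth_summary(line, tls_active=False):
    """Summarise what a client may use to authenticate at this point."""
    caps = parse_capability(line)
    mechs = [c[len("AUTH="):] for c in caps if c.startswith("AUTH=")]
    login_allowed = "LOGINDISABLED" not in caps  # RFC 3501: LOGIN refused if present
    sends_password = login_allowed or any(m in CLEARTEXT_MECHS for m in mechs)
    return {
        "sasl_mechs": mechs,
        "starttls": "STARTTLS" in caps,
        "login_command_allowed": login_allowed,
        # True when a password could cross the wire without TLS protection.
        "cleartext_password_possible": sends_password and not tls_active,
    }


if __name__ == "__main__":
    for name, line in [("mech list", WITH_MECH_LIST), ("PLAIN only", PLAIN_ONLY),
                       ("LOGIN disabled", LOGIN_OFF)]:
        print(name, auth_summary(line))
```

For the second session the summary shows no AUTH= mechanism advertised while LOGINDISABLED is absent, which matches imtest falling back to the LOGIN command and the "plaintext" entry in syslog.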

