Re: Delivery Status Notification (Failed)

2010/7/2 Dan White <dwhite@xxxxxxx>
On 02/07/10 14:43 -0300, D G Teed wrote:
2010/7/2 D G Teed <donald.teed@xxxxxxxxx>
Subject: Authentication problems since Redhat 5.5 updates

We had a nice trouble free cyrus running until it was updated with
updates from Redhat today.

I've tested with testsaslauthd (no service name given) and it works OK,
so I'd think things are fine on the pam, AD and ldap end.

In the cyrus server's maillog I'm seeing messages like this from
attempts to connect from the remote webmail:

Jul  2 13:54:22 navi imap[4073]: badlogin:
webmail.example.com[XXX.YYY.ZZZ.111] CRAM-MD5 [SASL(-13): user not
found: no secret in database]


I have things working again.  I had disabled Unix authentication in pam
temporarily to try troubleshooting with my account.  That had the side
effect of disabling the cyrus user from authentication.  So that explains
the scripts using IMAP::Admin breaking.

I also removed the package cyrus-sasl-md5 and I believe this has an impact
on the issue I was facing with "CRAM-MD5".

Any tips on how to co-exist with that package are welcomed.

Cyrus imap will offer all available and initializable SASL authentication
plugins it can find (see pluginviewer for that list). In the case where you
have a plugin installed that you don't wish to offer, you can restrict the
list of mechanisms with the sasl_mech_list option.

If you're depending on saslauthd for authentication, you shouldn't be
offering anything other than plain and login:

sasl_mech_list: PLAIN LOGIN


Right, I had more in my list.  And since I didn't have the cyrus-sasl-md5
package before, the mentioning of MD5 mech types in the sasl_mech_list didn't
matter.

I have read some comments that suggest the MD5 mech options
only work with sasl_pwcheck_method of auxprop, and won't work
with pam via saslauthd. Is that true?  That seems to be what
you are saying as well.  If not the case, I don't understand
what would have been needed to enable the MD5 types of
auth mechanism.  Any pointers to where the MD5 types of mech
are documented for configuration?

For some reason, IMAP connections using TLS were not impacted
by the change.  I'm not sure of all of the ways it was broken because
I wanted to get the service back up ASAP, but I do know Horde
webmail was unable to connect using IMAP and notls.

--Donald

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
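
Added example, not part of the original message and not Cyrus code: a small lint over imapd.conf text that reports mechanisms offered beyond PLAIN and LOGIN when saslauthd is the only password check, and the case where sasl_mech_list is unset so every installed plugin is offered. The function names and the sample configurations are constructed for illustration.

```python
# Added example: lint Cyrus imapd.conf text for SASL mechanisms that a
# saslauthd-only setup should not offer. All names here are hypothetical.

# saslauthd verifies a plaintext password, which only these mechanisms send.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample configurations.
BROKEN = """
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""
FIXED = """
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
"""
UNSET = "sasl_pwcheck_method: saslauthd\n"


def parse_imapd_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        options[key.strip().lower()] = value.strip()
    return options


def check_sasl_mechs(text):
    """Return findings for a configuration that relies on saslauthd alone."""
    opts = parse_imapd_conf(text)
    methods = opts.get("sasl_pwcheck_method", "").lower().split()
    if "saslauthd" not in methods or "auxprop" in methods:
        return []  # only the saslauthd-only case from the thread is checked
    if "sasl_mech_list" not in opts:
        return ["sasl_mech_list unset: every installed SASL plugin is offered"]
    offered = [m.upper() for m in opts["sasl_mech_list"].split()]
    return [f"{m}: not verifiable through saslauthd, offer only PLAIN and LOGIN"
            for m in offered if m not in PLAINTEXT_MECHS]


if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED), ("UNSET", UNSET)):
        print(name, check_sasl_mechs(conf))
```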
