On 08/28/12 10:09 -0500, ktm@xxxxxxxx wrote: >Hi Cyrus community, > >I am having a problem getting AUTHN/AUTHZ to work with a cyrus >priviledged user. It fails to authenticate. Using LOGIN it works >but that does not allow you to proxy. I have the account listed >in proxyservers: > >imapd.conf----- >proxyservers: bigadmin >imapd.conf----- > >Then with telnet: > >1 AUTHENTICATE PLAIN >+ >base64{bigadmin\0bigadmin\0bigadminpassword} >1 NO authentication failure > >2 LOGIN bigadmin bigadminpassword >2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in Verify that your sasl_minimum_layer is set to 0 in this scenario. The second login isn't technically a sasl authentication, and I don't know if sasl_minimum_layer applies to it. What do you see in syslog? Also try using imtest. >This works fine with a normal user: > >1 AUTHENTICATE PLAIN >+ >base64{user\0user\0userpassword} >1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] Success (tls protection) You performed tls in this scenario, which makes me wonder if it's a network protection issue. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus