Re: AUTHENTICATE PLAIN and authz

[Dan White <dwhite@xxxxxxx>]

On 08/28/12 10:09 -0500, ktm@xxxxxxxx wrote:
>Hi Cyrus community,
>
>I am having a problem getting AUTHN/AUTHZ to work with a cyrus
>priviledged user. It fails to authenticate. Using LOGIN it works
>but that does not allow you to proxy. I have the account listed
>in proxyservers:
>
>imapd.conf-----
>proxyservers: bigadmin
>imapd.conf-----
>
>Then with telnet:
>
>1 AUTHENTICATE PLAIN
>+
>base64{bigadmin\0bigadmin\0bigadminpassword}
>1 NO authentication failure
>
>2 LOGIN bigadmin bigadminpassword
>2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in

Verify that your sasl_minimum_layer is set to 0 in this scenario. The
second login isn't technically a sasl authentication, and I don't know if
sasl_minimum_layer applies to it. What do you see in syslog?

Also try using imtest.

>This works fine with a normal user:
>
>1 AUTHENTICATE PLAIN
>+
>base64{user\0user\0userpassword}
>1  OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] Success (tls protection)

You performed tls in this scenario, which makes me wonder if it's a network
protection issue.

-- 
Dan White
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus