Re: strange behaviour authenticating to IMAP server with squirrelmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Why would you want to, you are already using TLS so what do you expect to gain?
plaintext+TLS

md5 suffers from multiple inadequacies - so it seems pretty pointless to me.


M
--
Merlin Hartley
Computer Officer
MRC Mitochondrial Biology Unit
Cambridge, CB2 0XY
United Kingdom

On 8 Oct 2017, at 21:21, Walter H. via Info-cyrus <info-cyrus@xxxxxxxxxxxxxxxxxxxx> wrote:

Hello,

when setting in squirrelmail
$imap_auth_mech = 'cram-md5';
or
$imap_auth_mech = 'digest-md5';
then the following is logged in /etc/maillog

Oct  8 14:59:41 imap-host imaps[2042]: accepted connection
Oct  8 14:59:41 imap-host imaps[2042]: imapd:Loading DH parameters from file
Oct  8 14:59:41 imap-host imaps[2042]: SSL_accept() incomplete -> wait
Oct  8 14:59:41 imap-host imaps[2042]: SSL_accept() succeeded -> done
Oct  8 14:59:41 imap-host imaps[2042]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Oct  8 14:59:42 imap-host imaps[2042]: badlogin: host-running-squirrel [IPv6-running-squirrel] DIGEST-MD5 [SASL(-13): user not found: no secret in database]

but, when setting in squirrelmail
$imap_auth_mech = 'login';
then the following is logged and it works ...

Oct  8 18:37:16 imap-host imaps[10530]: accepted connection
Oct  8 18:37:16 imap-host imaps[10530]: imapd:Loading DH parameters from file
Oct  8 18:37:16 imap-host imaps[10530]: SSL_accept() incomplete -> wait
Oct  8 18:37:16 imap-host imaps[10530]: SSL_accept() succeeded -> done
Oct  8 18:37:16 imap-host imaps[10530]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Oct  8 18:37:17 imap-host imaps[10530]: login: host-running-squirrel [IPv6-running-squirrel] walter plaintext+TLS User logged in

even /etc/imapd.conf is this:

allowanonymouslogin: no
allowplaintext: no <--
altnamespace: no
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
servername: storage.mail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt
tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key
tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt
quotawarn: 95

sasldblistusers2 shows this:

cyrus@imap-host: userPassword

why I am unable to use  digest-md5 or cram-md5?
or: what do I have to do to use digest-md5?
adding a user with  saslpasswd2?
what is the 'appname'?

Im using Centos 6 and the RPM packages of CentOS

Thanks,
Walter


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux