Simplest way to get imap authentication with sasldb working?
Dan White
dwhite at olp.net
Mon Oct 19 17:28:34 EDT 2009
On 20/10/09 09:51 +1300, Raimund Eimann wrote:
>This is what I have in my imapd.conf:
>
>#sasl_pwcheck_method: saslauthd
>sasl_pwcheck_method: auxprop
>sasl_mech_list: PLAIN LOGIN
>
>As the first line is commented out, I guess all sasl_pwcheck_methods will
>be used as you described in your e-mail.

It looks like you have explicitly specified auxprop (only), in the second
line.

>raimund at callisto # imtest -u raimund callisto
>S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN
>AUTH=LOGIN SASL-IR] callisto Cyrus IMAP4 v2.3.11 server ready
>C: C01 CAPABILITY
>S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN
>SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
>NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
>THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
>IDLE X-NETSCAPE URLAUTH
>S: C01 OK Completed
>Please enter your password:
>C: A01 AUTHENTICATE PLAIN cmFpbXVuZEBjYWxsaXN0bwByb290AGJi

Note: including the authenticate string in your email now makes your
password publicly known. You should change it.

If I'm interpreting that string correctly, you are logging in with:

authentication name: root
authorization name: raimund at callisto

Try:

imtest -a raimund callisto

instead. Do 'imtest -h' for an explanation of the options.

Also, your authentication username must match the username you placed into
your /etc/sasldb file. If you place raimund into your sasldb file, but
attempt to authenticate as raimund at callisto, it will not work, unless
you're using virtual domains and have specified a default domain.

See your syslog (mail.log/auth.log) when your authentication fails. It
should show you which username it thinks you're logging in with.

--
Dan White
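
An added example, not part of the original message: the AUTHENTICATE PLAIN argument is only base64 over "authzid NUL authcid NUL passwd" (RFC 4616), which is how the two names above can be read back and why the password counts as disclosed. This sketch parses such a token and redacts it from a trace before posting; the sample token, names and password are constructed, and the function names are hypothetical.

```python
import base64
import re


def parse_sasl_plain(b64_response):
    """Split a SASL PLAIN response into its three RFC 4616 fields."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authentication identity")
    # authzid = identity to act as (authorization name, may be empty)
    # authcid = identity whose password is checked (authentication name)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


def build_sasl_plain(authzid, authcid, passwd):
    """Encode the three fields the way a client sends them."""
    joined = "\0".join((authzid, authcid, passwd))
    return base64.b64encode(joined.encode("utf-8")).decode("ascii")


_AUTH_LINE = re.compile(r"(AUTHENTICATE\s+PLAIN\s+)(\S+)", re.IGNORECASE)


def redact_trace(text):
    """Replace the PLAIN token in a client trace so it is safe to share."""
    return _AUTH_LINE.sub(lambda m: m.group(1) + "<redacted>", text)


# Constructed sample: authorization name set, authentication name left as root.
SAMPLE_TOKEN = build_sasl_plain("alice@mailhost", "root", "not-a-real-password")
SAMPLE_TRACE = ">C: A01 AUTHENTICATE PLAIN " + SAMPLE_TOKEN

if __name__ == "__main__":
    fields = parse_sasl_plain(SAMPLE_TOKEN)
    print("authentication name:", fields["authcid"])
    print("authorization name: ", fields["authzid"])
    print(redact_trace(SAMPLE_TRACE))
```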