Newbie Q's: Authentication problems
Ken Murchison
ken at oceana.com
Fri Sep 27 12:48:40 EDT 2002
Jon Drukman wrote:
>
> At 07:42 AM 9/27/2002, Ken Murchison wrote:
> >You can't turn plaintext off and specify PLAIN as the only SASL
> >mechanism, because cyram doesn't support SSL/TLS (which is this only way
> >that PLAIN or IMAP LOGIN would be allowed with your config). Either
> >allow plaintext, or add some other mechs (ie, CRAM-MD5) to the
> >sasl_mech_list.
>
> ok, i set my /etc/imapd.conf to look like this:
>
> configdirectory: /var/imap
> defaultpartition: default
> partition-default: /var/spool/imap
> allowplaintext: yes
> sasl_pwcheck_method: saslauthd
> admins: cyrus
> sasl_mech_list: PLAIN, CRAM-MD5
>
> now i get the following errors when trying to connect:
>
> # cyradm --user cyrus localhost
> Password:
> cyradm: cannot authenticate to server with as cyrus
>
> # tail /var/log/auth.log
> Sep 27 08:43:27 rs2 imapd[74583]: Could not open db
> Sep 27 08:43:27 rs2 imapd[74583]: Could not open db
> Sep 27 08:43:27 rs2 imapd[74583]: no secret in database
> Sep 27 08:43:30 rs2 perl: No worthy mechs found
Is /etc/sasldb2 readable by 'cyrus'?
>
> also, eventually when i want to block plaintext passwords completely, is it
> possible to use cyradm at all?
Yeah, turn allowplaintext back off. They will still be allowed under
SSL/TLS.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list