how to proxy for a user [was Re: Geographically Redundant mail stores]

Wed Mar 19 05:52:06 EST 2003

Marco Colombo wrote:

> There's no AUTH=xxx entry, so there are *no* available mechs at this
> point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> over the net) are disabled by default. There're enabled if the client
> requests a TLS connection via STARTTLS.

Thanks, you're right, if I use -s or -t it works.
What's strange that now I RTFM and put an "allowplaintext: yes" (also 
tried "allowplaintext: true") in imapd.conf (not a security problem 
since it accepts plaintext connections only from localhost) and still it 
doesn't advertise AUTH=PLAIN:

$ telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk 
server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT 
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
1 OK Completed
2 logout
* BYE LOGOUT received
2 OK Completed
Connection closed by foreign host.

Of course I restarted master after editing imapd.conf
I also tried adding "sasl_miminum_layer: 0" but that changed nothing 
(and it should be the default).

[....]
> $ cyradm --authz marco --user cyrus localhost
> Password: 
> devel.ESI> lm
> INBOX (\HasChildren)          INBOX.test2 (\HasNoChildren)  
> INBOX.test (\HasNoChildren)   
> devel.ESI> quit
> 
> Again, the password I typed was the one of 'cyrus', yet:
> 
> Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User logged in
> 
> I wasn't able to test PLAIN, because I don't know how to tell cyradm
> to use TLS.

It seems there isn't a documented way.

Bye

-- 
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004      Fax +34 93 5883007