Using MySQL plugin and NTLM - obscure gotcha
Nels Lindquist
nlindq at maei.ca
Fri May 23 18:29:14 EDT 2003
Okay, this one's *fun.*
If by "fun" you mean "spending all afternoon trying to figure out why
exactly Lookout Explode(tm) is behaving the way it is."
Anyway, I'm using:
Cyrus SASL 2.1.13 with MySQL plugin and NTLM support
Cyrus IMAPD 2.1.13
LOGIN, PLAIN, CRAM-MD5 and DIGEST-MD5 (+/- TLS) work perfectly with
SASL2 auth tokens stored in a MySQL table. I decided to try
recompiling SASL2 to take advantage of NTLM support, as we have a few
users relying on MS clients.
Problem: MySQL SELECT statements are case insensitive. Cyrus IMAP
namespace is not. Clients logged into Windows with any case
variation of their username can authenticate with NTLM. However,
since the authentication token is passed on to IMAP completely
unmodified, case variants of the username token other than all-
lowercase don't map to valid IMAP namespace, and 'LIST "" "INBOX"'
returns nothing useful.
OE then tries to create an INBOX, but of course has no permission to
do so, and the request fails.
Is there some equivalent to Samba's "username level" directive that
could be used to force the user auth token to lowercase somewhere
along the way?
Thanks for any suggestions!
----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
More information about the Info-cyrus
mailing list