SASL mechanism PLAIN advertising in IMAP capabilities

Rob Siemborski rjs3 at andrew.cmu.edu
Wed Oct 1 13:54:44 EDT 2003


PLAIN is not allowed to be advertised without a security layer present.

Start a TLS session and it should be advertised.

On Wed, 1 Oct 2003, Earl R Shannon wrote:

> Hello,
>
> I'm getting confused. I'm trying to have AUTH=PLAIN show
> up in the response to a capability query of the IMAP server.
> Here is what I currently get:
>
> /var/log # telnet uni99map 143
> Trying 152.1.4.242...
> Connected to uni99map.unity.ncsu.edu.
> Escape character is '^]'.
> * OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
> 0 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
> MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=GSSAPI AUTH=KERBEROS_V4
> LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
> 0 OK Completed
>
> Note that only GSSAPI and KERBEROS_V4 show up.
>
> In the imapd.conf file I have:
>
> sasl_pwcheck_method: saslauthd
> sasl_saslauthd_path: /local/sasl/var/mux
> sasl_mech_list: PLAIN GSSAPI KERBEROS_V4
> allowplaintext: yes
>
> Libraries in /usr/lib/sasl2 are:
> /usr/lib # ls /usr/lib/sasl2/
> .                       libcrammd5.so.2         libgssapiv2.so.2.0.10
> liblogin.so.2.0.0       libplain.so.2
> ..                      libcrammd5.so.2.0.13    libgssapiv2.so.2.0.13
> liblogin.so.2.0.10      libplain.so.2.0.0
> libanonymous.la         libdigestmd5.la         libkerberos4.la
> libotp.la               libplain.so.2.0.10
> libanonymous.so         libdigestmd5.so         libkerberos4.so
> libotp.so               libplain.so.2.0.13
> libanonymous.so.2       libdigestmd5.so.2       libkerberos4.so.2
> libotp.so.2             libsasldb.la
> libanonymous.so.2.0.0   libdigestmd5.so.2.0.13  libkerberos4.so.2.0.0
> libotp.so.2.0.0         libsasldb.so
> libanonymous.so.2.0.10  libgssapiv2.la          libkerberos4.so.2.0.10
> libotp.so.2.0.10        libsasldb.so.2
> libanonymous.so.2.0.13  libgssapiv2.so          liblogin.la
> libotp.so.2.0.13        libsasldb.so.2.0.10
> libcrammd5.la           libgssapiv2.so.2        liblogin.so libplain.la
>              libsasldb.so.2.0.13
> libcrammd5.so           libgssapiv2.so.2.0.0    liblogin.so.2 libplain.so
>
> If I remove the sasl_mech_list line from the imapd.conf file
> DIGEST-MD5, CRAM-MD5, and OTP are also advertised:
>
> var/log # telnet uni99map 143
> Trying 152.1.4.242...
> Connected to uni99map.unity.ncsu.edu.
> Escape character is '^]'.
> * OK uni99map.unity.ncsu.edu Cyrus IMAP4 v2.1.13 server ready
> 0 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
> MUPDATE=mupdate://uni99map.unity.ncsu.edu/ AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> AUTH=GSSAPI AUTH=KERBEROS_V4 AUTH=OTP LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
> 0 OK Completed
>
> But still no PLAIN.
>
> Here's a uname -a:
> SunOS uni99map.unity.ncsu.edu 5.7 Generic_106541-15 sun4u sparc
> SUNW,Ultra-1 IMAP version is 2.1.13 (as in the capability response )
> and sasl is 2.1.13
>
> Am I missing something here?
>
> Regards,
> Earl Shannon
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
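
The check described in the reply, as an added example that is not part of the original thread or of the Cyrus code: compare the AUTH= mechanisms a server advertises before and after STARTTLS. PRE_TLS is abridged from the capability response quoted above, POST_TLS is a constructed sample of what the reply predicts, and the function names are hypothetical.

```python
import imaplib
import ssl

# Pre-TLS response quoted in the thread, unfolded and abridged to the relevant tokens.
PRE_TLS = ("* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE STARTTLS "
           "AUTH=GSSAPI AUTH=KERBEROS_V4 LISTEXT")
# Constructed sample: what the reply predicts once TLS is active (not real output).
POST_TLS = ("* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE "
            "AUTH=PLAIN AUTH=GSSAPI AUTH=KERBEROS_V4 LISTEXT")

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def parse_caps(line):
    """Return the capability tokens of an untagged CAPABILITY response."""
    tokens = line.upper().split()
    if tokens[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return set(tokens[2:])


def auth_mechs(caps):
    """SASL mechanisms named by AUTH= tokens."""
    return {c[5:] for c in caps if c.startswith("AUTH=")}


def compare(pre, post):
    """Summarise how the advertised mechanisms change across STARTTLS."""
    pre_m, post_m = auth_mechs(pre), auth_mechs(post)
    return {
        "tls_only": sorted(post_m - pre_m),
        "cleartext_before_tls": sorted(pre_m & CLEARTEXT_MECHS),
        "starttls_offered": "STARTTLS" in pre,
        "login_cmd_disabled_before_tls": "LOGINDISABLED" in pre,
    }


def fetch_live(host, port=143):
    """Same comparison against a live server (host is supplied by the caller)."""
    conn = imaplib.IMAP4(host, port)
    pre = set(conn.capabilities)
    conn.starttls(ssl.create_default_context())  # imaplib re-reads CAPABILITY
    post = set(conn.capabilities)
    conn.logout()
    return compare(pre, post)


if __name__ == "__main__":
    print(compare(parse_caps(PRE_TLS), parse_caps(POST_TLS)))
```

A non-empty "cleartext_before_tls" list means the server offers a password-revealing mechanism on an unencrypted connection.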