question on cyrus authentication
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Fri Jun 25 12:42:04 EDT 2004
-- Erik Myllymaki <erik.myllymaki at aviawest.com> is rumored to have mumbled
on Freitag, 25. Juni 2004 9:23 Uhr -0700 regarding Re: question on cyrus
authentication:
>>> I use sasldb2 for the passwords. This requires a client that knows
>>> CRAM-MD5.
>>
>>
>> why would you say that? Most mechanisms work with sasldb ... we don't
>> use Exim but Sendmail, but that shouldn't be relevant.
>>
> I see, so somehow I have misconfigured things so that if I use a client
> that tries to send via PLAIN, it will work if the username:password
> provided is a unix logon account for the mailserver, but will NOT work if
> the username:password is in the sasldb2 file...any ideas where I could
> have mucked that one up?
I don't know Exim, so I can't help you there, but it sounds as though
you're *not* using auxprop. Are you sure that CRAM-MD5 works? Anyway, our
sendmail server replies only "250-AUTH NTLM CRAM-MD5 DIGEST-MD5" when used
without TLS. Only when using TLS does it also offer PLAIN and LOGIN.
Here are the relevant config options:
/usr/lib/sasl2/Sendmail.conf:
pwcheck_method: auxprop
sendmail.mc:
...
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS', `PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5')dnl
define(`confAUTH_OPTIONS', `p')dnl
...
Greetings, Sebastian
--
Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
Universität zu Köln / Cologne University - Tel. +49-221-478-5587
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040625/9a445fa3/attachment.bin
More information about the Info-cyrus
mailing list