question on cyrus authentication

Erik Myllymaki erik.myllymaki at aviawest.com
Fri Jun 25 12:23:35 EDT 2004



Sebastian Hagedorn wrote:

> Hi,
>
> -- Erik Myllymaki <erik.myllymaki at aviawest.com> is rumored to have 
> mumbled on Freitag, 25. Juni 2004 7:49 Uhr -0700 regarding question on 
> cyrus authentication:
>
>> I have a mail server running Exim 4.21 and Cyrus 2.1.17.
>>
>> I use sasldb2 for the passwords. This requires a client that knows
>> CRAM-MD5.
>
>
> why would you say that? Most mechanisms work with sasldb ... we don't 
> use Exim but Sendmail, but that shouldn't be relevant.
>
I see, so somehow I have misconfigured things so that if I use a client 
that tries to send via PLAIN, it will work if the username:password 
provided is a unix logon account for the mailserver, but will NOT work 
if the username:password is in the sasldb2 file...any ideas where I 
could have mucked that one up?


>> I have Exim setup to use the same sasldb2 database for SMTP
>> authentication, as well.
>>
>> So far this has been fine because my clients have been *force-fed*
>> Thunderbird and Squirrelmail as clients and they both understand 
>> CRAM-MD5.
>>
>> Now, I will have 30 more users moving over to this mail server, but they
>> ALL use Outlook Express, and I know that OE does not do CRAM-MD5.
>> Obviously I do not want to start using local user passwords AND sasldb2
>> passwords for all these users (and more to follow). Also, I have to make
>> a decision and deploy it by July 1st.
>>
>> So, my options that I see are:
>>
>> 1.   Force them all to use Thunderbird.
>>
>> 2.   Use local user accounts and passwords for all of them and use 
>> TLS to
>> secure the PLAINTEXT logins. I already have TLS configured.
>
>
> You should do that anyway.
>
>> 3. *Somehow*, configure Cyrus and Exim to allow both PLAINTEXT over TLS
>> and CRAM-MD5 logins.
>
>
> That's the best approach. You might also add NTLM
>
> Greetings, Sebastian
> -- 
> Sebastian Hagedorn M.A. - RZKR-R1 (Flachbau), Zi. 18, Robert-Koch-Str. 10
> Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
> Universität zu Köln / Cologne University - Tel. +49-221-478-55
> 87


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list