sasl + ldap +CRAM-MD5

Igor Brezac igor at ipass.net
Wed Mar 24 11:56:35 EST 2004


On Wed, 24 Mar 2004, zorg wrote:

> hi,
> here is my problem,
> I want cyrus to use the login and password from my ldap server
>
> I manage to make it work using
> saslauthd +pam +ldap
> or
> saslauthd + ldap
>
> in both cases I can only use the plaintext authentication
>
> it seems normal for the pam solution
>
> but maybe there is more to do to make it work with ldap (saslauthd -a
> ldap -O /etc/saslauthd.conf)
>
>
> my saslauthd.conf
>
> ldap_servers: ldap://192.168.1.81
> ldap_bind_dn: cn=admin,dc=sys,dc=org
> ldap_password: azerty
> ldap_version: 3
> ldap_search_base: ou=People,dc=sys,dc=org
> ldap_timeout: 10
> ldap_filter: uid=%u
>
> When I try to log in using
> imtest -m  CRAM-MD5  -u cyril  localhost
>
> I've got in /var/log/auth.log
> Mar 24 12:24:19 phil cyrus/imapd[3457]: OTP unavailable because can't
> read/write key database /etc/opiekeys: No such file or directory
> Mar 24 12:24:28 phil cyrus/imapd[3457]: no secret in database
>
> Is there a way to make my server a little more secure (without
> using ssl)?
>

You cannot use saslauthd for secret based mechs.

-- 
Igor
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
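
Added example, not part of the original messages: a sketch of the CRAM-MD5 exchange (RFC 2195) showing why the server must hold the user's shared secret itself, which a saslauthd-style check of a submitted plaintext password never provides. The function names and the salted-SHA1 stored value are assumptions for illustration; the user, secret and challenge are the RFC 2195 test vector.

```python
import hashlib
import hmac

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> str:
    """Client side: 'user SP hex(HMAC-MD5(secret, challenge))' per RFC 2195."""
    return f"{user} {hmac.new(secret, challenge, hashlib.md5).hexdigest()}"

def server_verify(secret_store: dict, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC from the stored secret and compare.

    The password itself never crosses the wire, so there is nothing to hand
    to a plaintext verifier; the server needs its own copy of the secret.
    """
    user, _, digest = response.rpartition(" ")
    secret = secret_store.get(user)
    if secret is None:
        return False  # corresponds to the "no secret in database" log line
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def salted_sha1(password: bytes, salt: bytes) -> bytes:
    """One-way salted hash, as a directory might store it (constructed value)."""
    return hashlib.sha1(password + salt).digest() + salt

# Test vector from RFC 2195, section 2.
RFC_USER = "tim"
RFC_SECRET = b"tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

def demo() -> dict:
    response = cram_md5_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    hashed = salted_sha1(RFC_SECRET, b"constructed-salt")
    return {
        "response": response,
        # Server stores the plaintext shared secret: verification succeeds.
        "plaintext_secret": server_verify({RFC_USER: RFC_SECRET}, RFC_CHALLENGE, response),
        # Server stores only a one-way hash: the HMAC cannot be recomputed.
        "hashed_only": server_verify({RFC_USER: hashed}, RFC_CHALLENGE, response),
        # Server has no secret for the user at all.
        "no_secret": server_verify({}, RFC_CHALLENGE, response),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```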



