can IMSP auth via auxprop? or just sasldb?

OpenMacNews cyrus-info.20.openmacnews at spamgourmet.com
Fri Nov 19 02:09:54 EST 2004 

hi all,

i'm unable to auth PLAIN under TLS layer to my IMSP server via auxprop.

is it even posssible?

details of what i've found follow below.

pointers/clarifiation much appreciated!

thx,

richard

=================================

i've

   cyrus-imap-2.2.8
   cyrus-sasl-2.1.20
   postfix-2.2-20041023-tls

on OSX 10.3.6

i've setup imap to use:

    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: sql

and config'd for authentication & smtp _only_ under a TLS layer.

everything is working as expected.

now, i'd like to add IMSP to the equation.  since i'm using SASL2 plugins, imsp 
v1.7b is a no-go, so i've DL'd & built

   cyrus-imspd-CVS

IIUC, imspd *can* authenticate via PLAINTEXT & Kerberos, and if HAVE_SSL is 
defined, operation under a TLS layer is turned on. as my target is PLAINTEXT 
auth over TLS -- just like my imap setup, this seems the right direction ...

but, it seems AUTH is only supported via sasldb, NOT auxprop+sql.  am i correct 
here?

i've found no info (yet) re: use of auxprop-based auth with IMSP ...

'blindly' trying additions to the imsp/options file to mirror my imap/sasl 
config, such as:

    imsp.sasl.pwcheck_method N auxprop
    imsp.sasl.mech_list N (plain)
    imsp.sasl.auxprop_plugin sql
    imsp.sasl.sql_hostnames N localhost
    imsp.sasl.sql_database N mail
    imsp.sasl.sql_user N mail
    imsp.sasl.sql_passwd N #########
    imsp.sasl.sql_statement N select password from accountuser where
    username='%u@%r' or (username='%u' and domain_name='')

does no obvious good, and my syslog still shows:

    imsp[23498]: sql_select option missing
    imsp[23498]: auxpropfunc error no mechanism available
    imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin:
    sql
    imsp[23498]: sql_select option missing
    imsp[23498]: auxpropfunc error no mechanism available
    imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin:
    sql
    imsp[23498]: sql_select option missing
    imsp[23498]: auxpropfunc error no mechanism available
    imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin:
    sql
    imsp[23498]: imspd: start

nonetheless, imspd *does* launch.  if, foru yucks, i 'imtest' to it:

	% imtest -p imsp -m PLAIN -t "" testserver.internal.testdomain.com

with plaintext disabled

    imsp.sasl.allowplaintext N -

i get a message that TLS is *not* supported.

    S: * OK Cyrus IMSP version 1.7b ready
    C: C01 CAPABILITY
    S: * CAPABILITY AUTH=SRP AUTH=SRP AUTH=SRP AUTH=OTP AUTH=OTP AUTH=OTP
    AUTH=NTLM AUTH=NTLM AUTH=NTLM AUTH=DIGEST-MD5 AUTH=DIGEST-MD5
    AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 LITERAL+
    S: C01 OK capability completed
    failure: STARTTLS not supported by the server!

note: as expected, no PLAIN auth is advertised.

on the other hand, 'imtest' with plaintext ENabled

	imsp.sasl.allowplaintext N +

results in:

   kernel: at_obdev_KUC: registerTaskRule: call of newTaskEntry: FATAL !!!!! 
MALLOC FAILEDat_obdev_KUC:
   kernel: newTaskEntry: attempt to create task with NULL path

NOT good.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list