problem ntlm won't work with mysql

Thomas Börnert tb at tbits.net
Mon Jul 11 18:32:21 EDT 2005


On Mon, 2005-07-11 at 16:55 -0400, Ken Murchison wrote:
> Thomas Börnert wrote:
> 
> > Yes, DIGEST-MD5 doesn't work either :-(.
> > 
> > Why is it working with sasldb2 (auxprop) ?
> 
> The mechanisms need the plaintext password (or plaintext equivalent) 
> stored in the auxprop backend. 

Where is the patch available ???

Thanks

-Thomas


>  The SQL auxprop that ships with SASL 
> will work correctly unless you've patched it to store encrypted 
> passwords, in which case the SQL auxprop will only work for plaintext 
> SASL mechanisms and plaintext authentication protocol commands.
> 
> > 
> > There exists a patch for cyrus with auxprop/mysql.
> > 
> > Has anyone tested it ?
> > 
> > Thanks.
> > 
> > -Thomas
> > 
> > On Mon, 2005-07-11 at 08:19 -0400, Ken Murchison wrote:
> > 
> >>Thomas Börnert wrote:
> >>
> >>
> >>>hi list,
> >>>
> >>>ntlm with evolution or outlook isn't working:
> >>>
> >>>imap[17765]: badlogin: localhost.localdomain [127.0.0.1] NTLM [SASL
> >>>(-13): authentication failure: incorrect NTLM response]
> >>>
> >>>i've found: if i use sasldb2 then it works.
> >>>
> >>>if i use the mysql setup below that it won't work :-(.
> >>
> >>Do CRAM-MD5 or DIGEST-MD5 work with mysql?
> >>
> >>
> >>
> >>>has anyone an idea ?
> >>
> >>My guess is that you are encrypting the passwords in your mysql 
> >>database, which will cause non-plaintext mechanisms like NTLM and 
> >>DIGEST-MD5 to fail.
> >>
> >>
> >>
> >>>my imapd.conf
> >>><---------------------- snip ----------------------->
> >>>configdirectory: /var/lib/imap
> >>>#duplicatesuppression: 0
> >>>partition-default: /var/spool/imap
> >>>admins: cyrus
> >>>allowanonymouslogin: no
> >>>autocreatequota: 1000000
> >>>quotawarn: 90
> >>>timeout: 30
> >>>poptimeout: 10
> >>>#popminpoll: 1
> >>>servername: pop.domain.net
> >>>sievedir: /var/lib/imap/sieve
> >>>sieve_maxscriptsize: 32
> >>>sieve_maxscripts: 5
> >>>sendmail: /usr/sbin/sendmail
> >>>hashimapspool: true
> >>>allowplaintext: yes
> >>>sasl_pwcheck_method: saslauthd
> >>>sasl_mech_list: LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5
> >>>tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> >>>tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> >>>tls_ca_file: /usr/share/ssl/certs/cyrus-imapd.pem
> >>>sasl_sql_engine: mysql
> >>>sasl_sql_hostnames: localhost
> >>>sasl_sql_user: mail
> >>>sasl_sql_passwd: secret
> >>>sasl_sql_database: mail
> >>>sasl_sql_select: select password from accountuser where username = '%u'
> >>><---------------------- snip ----------------------->
> >>>
> >>>my cyrus.conf
> >>><---------------------- snip ----------------------->
> >>># standard standalone server implementation
> >>>
> >>>START {
> >>>  # do not delete this entry!
> >>>  recover       cmd="ctl_cyrusdb -r"
> >>>
> >>>  # this is only necessary if using idled for IMAP IDLE
> >>>  idled         cmd="idled"
> >>>}
> >>>
> >>># UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> >>>SERVICES {
> >>>  # add or remove based on preferences
> >>>  imap         cmd="imapd" listen="[localhost]:imap" prefork=5
> >>>  imaps         cmd="imapd -s" listen="[localhost]:imaps" prefork=1
> >>>  pop3          cmd="pop3d" listen="[pop]:pop3" prefork=3
> >>>  pop3s         cmd="pop3d -s" listen="[pop]:pop3s" prefork=1
> >>>  sieve         cmd="timsieved" listen="[localhost]:sieve" prefork=0
> >>>
> >>>  # at least one LMTP is required for delivery
> >>>#  lmtp         cmd="lmtpd" listen="[localhost]:lmtp" prefork=0
> >>>  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
> >>>
> >>>  # this is only necessary if using notifications
> >>>#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
> >>>}
> >>>
> >>>EVENTS {
> >>>  # this is required
> >>>  checkpoint    cmd="ctl_cyrusdb -c" period=30
> >>>
> >>>  # this is only necessary if using duplicate delivery suppression
> >>>  delprune      cmd="ctl_deliver -E 3" at=0400
> >>>
> >>>  # this is only necessary if caching TLS sessions
> >>>  tlsprune      cmd="tls_prune" at=0400
> >>>
> >>>  # create SQUAT indexes for all mailboxes
> >>>  squatter     cmd="/usr/lib/cyrus-imapd/squatter -r user.%" at=401
> >>> 
> >>>}
> >>><---------------------- snip ----------------------->
> >>>
> >>>---
> >>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> >>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>>
> >>
> > 
> > 
> > 
> 


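The failure described in this thread, as an added example that is not part of the original messages or of Cyrus SASL's code: a challenge-response mechanism has the server recompute the client's response from the stored secret, so a backend that stores a one-way hash can only serve PLAIN/LOGIN. It uses CRAM-MD5 (RFC 2195), which the thread asks about, rather than NTLM; the dictionaries stand in for the result of the sasl_sql_select lookup, and SHA-256 is an assumed stand-in for whatever hashing a patched backend applies.

```python
import hashlib
import hmac

# Constructed sample data: the example user, password and challenge from RFC 2195.
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

def one_way(password: str) -> str:
    """Stand-in for a patched backend's password hashing (assumption: SHA-256 hex)."""
    return hashlib.sha256(password.encode()).hexdigest()

# Two hypothetical auxprop tables: what `select password ...` would return.
PLAINTEXT_DB = {USER: PASSWORD}
HASHED_DB = {USER: one_way(PASSWORD)}

def cram_md5_response(secret: str, challenge: bytes) -> str:
    """RFC 2195: hex HMAC-MD5 keyed with the shared secret over the challenge."""
    return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()

def verify_cram_md5(db, user, challenge, response) -> bool:
    """Server side: recompute the response from whatever the backend stores."""
    stored = db.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(cram_md5_response(stored, challenge), response)

def verify_plain(db, user, submitted, hashed) -> bool:
    """PLAIN/LOGIN: the server sees the password, so it can hash it and compare."""
    stored = db.get(user)
    if stored is None:
        return False
    candidate = one_way(submitted) if hashed else submitted
    return hmac.compare_digest(candidate, stored)

def run_demo():
    client = cram_md5_response(PASSWORD, CHALLENGE)  # the client only knows the password
    return {
        "cram_plaintext_db": verify_cram_md5(PLAINTEXT_DB, USER, CHALLENGE, client),
        "cram_hashed_db": verify_cram_md5(HASHED_DB, USER, CHALLENGE, client),
        "plain_hashed_db": verify_plain(HASHED_DB, USER, PASSWORD, hashed=True),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'ok' if ok else 'authentication failure'}")
```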