problem ntlm won't work with mysql
Thomas Börnert
tb at tbits.net
Mon Jul 11 11:57:16 EDT 2005
Yes, DIGEST-MD5 don't work too :-(.
Why is it working with sasldb2 (auxprop) ?
There exists an patch for cyrus with auxprop/mysql.
Have anyone tested it ?
Thanks.
-Thomas
On Mon, 2005-07-11 at 08:19 -0400, Ken Murchison wrote:
> Thomas Börnert wrote:
>
> > hi list,
> >
> > ntlm with evolution or outlook isn't working:
> >
> > imap[17765]: badlogin: localhost.localdomain [127.0.0.1] NTLM [SASL
> > (-13): authentication failure: incorrect NTLM response]
> >
> > i've found: if i use sasldb2 then it works.
> >
> > if i use the mysql setup below that it won't work :-(.
>
> Do CRAM-MD5 or DIGEST-MD5 work with mysql?
>
>
> > have anyone an idea ?
>
> My guess is that you are encrypting the passwords in your mysql
> database, which will cause non-plaintext mechanisms like NTLM and
> DIGEST-MD5 to fail.
>
>
> >
> > my imapd.conf
> > <---------------------- snip ----------------------->
> > configdirectory: /var/lib/imap
> > #duplicatesuppression: 0
> > partition-default: /var/spool/imap
> > admins: cyrus
> > allowanonymouslogin: no
> > autocreatequota: 1000000
> > quotawarn: 90
> > timeout: 30
> > poptimeout: 10
> > #popminpoll: 1
> > servername: pop.domain.net
> > sievedir: /var/lib/imap/sieve
> > sieve_maxscriptsize: 32
> > sieve_maxscripts: 5
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > allowplaintext: yes
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5
> > tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_ca_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > sasl_sql_engine: mysql
> > sasl_sql_hostnames: localhost
> > sasl_sql_user: mail
> > sasl_sql_passwd: secret
> > sasl_sql_database: mail
> > sasl_sql_select: select password from accountuser where username = '%u'
> > <---------------------- snip ----------------------->
> >
> > my cyrus.conf
> > <---------------------- snip ----------------------->
> > # standard standalone server implementation
> >
> > START {
> > # do not delete this entry!
> > recover cmd="ctl_cyrusdb -r"
> >
> > # this is only necessary if using idled for IMAP IDLE
> > idled cmd="idled"
> > }
> >
> > # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> > SERVICES {
> > # add or remove based on preferences
> > imap cmd="imapd" listen="[localhost]:imap" prefork=5
> > imaps cmd="imapd -s" listen="[localhost]:imaps" prefork=1
> > pop3 cmd="pop3d" listen="[pop]:pop3" prefork=3
> > pop3s cmd="pop3d -s" listen="[pop]:pop3s" prefork=1
> > sieve cmd="timsieved" listen="[localhost]:sieve" prefork=0
> >
> > # at least one LMTP is required for delivery
> > # lmtp cmd="lmtpd" listen="[localhost]:lmtp" prefork=0
> > lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
> >
> > # this is only necessary if using notifications
> > # notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
> > proto="udp" prefork=1
> > }
> >
> > EVENTS {
> > # this is required
> > checkpoint cmd="ctl_cyrusdb -c" period=30
> >
> > # this is only necessary if using duplicate delivery suppression
> > delprune cmd="ctl_deliver -E 3" at=0400
> >
> > # this is only necessary if caching TLS sessions
> > tlsprune cmd="tls_prune" at=0400
> >
> > # create SQUAT indexes for all mailboxes
> > squatter cmd="/usr/lib/cyrus-imapd/squatter -r user.%" at=401
> >
> > }
> > <---------------------- snip ----------------------->
> >
> > ---
> > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list