crypted password

carole gimenez gimenez at cict.fr
Fri May 27 10:43:57 EDT 2005


Hi all,

I use cyrus-imapd-2.2.10, cyrus-sasl-2.1.20 and openldap-2.2.18.

I authenticate users with the help of our ldap server. For that, I use the
saslauthd daemon with the plain mechanism.

Is the user's password encrypted, or does it pass in cleartext between the
cyrus-imap server and the ldap server?

Mail client (imaps) <==> cyrus-imap server <=> cyrus-sasl server <=> ldap server


Can somebody clear this up for me and explain the mechanism?


Thanks in advance.


Here are the different configuration files of cyrus-imap and cyrus-sasl:

* /usr/lib/sasl2/Cyrus.conf
pwcheck_method: saslauthd
mech_list: plain

* /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1/ ldap://xxxxx:389/
ldap_auth_method: custom
ldap_bind_dn: uid=cyrus,ou=appli,dc=ups-tlse,dc=fr
ldap_password: xxxxxx
ldap_search_base: dc=ups-tlse,dc=fr
#ldap_filter: cn=%u

* /etc/cyrus.conf
# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  # idled       cmd="idled"

  # this is useful on backend nodes of a Murder cluster
  # it causes the backend to synchronize its mailbox list with
  # the mupdate master upon startup
  # mupdatepush cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_mboxlist -m"

  # this is recommended if using duplicate delivery suppression
  delprune cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_deliver -E 3"
  # this is recommended if caching TLS sessions
  tlsprune cmd="/usr/local/cyrus_imapd/cyrus/bin/tls_prune"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
# you can use a maxchild=# to limit the maximum number of forks of a service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the service
# most services also accept -U (limit number of reuses) and -T (timeout)

SERVICES {
  # add or remove based on preferences
  #imap         cmd="imapd" listen="imap" prefork=0
  imaplocal     cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps         cmd="imapd -s -U 30" listen="130.120.74.17:imaps" prefork=0 maxchild=100
#  pop3         cmd="pop3d" listen="pop3" prefork=0
#  pop3s                cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
  #  nntp               cmd="nntpd" listen="nntp" prefork=0
  #  nntps              cmd="nntpd -s" listen="nntps" prefork=0

  # at least one LMTP is required for delivery
  #  lmtp               cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 maxchild=20

  # this is only necessary if using notifications
  notify        cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  # delprune    cmd="cyr_expire -E 3" at=0400
  delprune cmd="/usr/local/cyrus_imapd/cyrus/bin/ctl_deliver -E 3" at=0401

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="/usr/local/cyrus_imapd/cyrus/bin/tls_prune" at=0401

  squatter cmd="/usr/local/cyrus_imapd/cyrus/bin/squatter -r user.%" at=0401
}


* /etc/imapd-local.conf (for cyrus account administration)
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
maxmessagesize: 5000000
#allowplaintext: 0
sasl_pwcheck_method: saslauthd
sasl_option: 1
sasl_mech_list: plain
sasl_auto_transition: 1
servername: pc-systeme.cict.fr
lmtp_downcase_rcpt: 1
mailnotifier: log


* /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
#admins: cyrus
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
maxmessagesize: 5000000
sasl_pwcheck_method: saslauthd
sasl_option: 1
sasl_mech_list: plain
sasl_auto_transition: 1
servername: pc-systeme.cict.fr
lmtp_downcase_rcpt: 1
mailnotifier: log
tls_ca_file: /usr/share/ssl/mon_AC/private/mon_AC.crt
tls_cert_file: /usr/share/ssl/mon_AC/certs/server_signed.pem
tls_key_file: /usr/share/ssl/mon_AC/private/server_tls.pem



---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list