strange sasl auth
bebop33 at gmx.de
bebop33 at gmx.de
Wed May 11 21:24:08 EDT 2005
Hi everybody,
i thought you may have some ideas or might be interested in some strange
sasl-authentication: i'm using cyrus-sasl-2.1.20, cyrus-imapd-2.2.12 and
postfix-2.2.3. postfix and imapd seem to work fine against my sasldb2 (no
saslauthd!), i thought. at least until i dared comparing the propagation. i
found
postfix:
250-AUTH LOGIN PLAIN DIGEST-MD5
imapd:
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR
as imtest -m login works, i assume this is the sasl-internal login. very
astonished, i recognized, that changes in plugins/imap.conf do not affect
the propagation, while changes in plugins/smtp.conf does affect postfix.
additionally, auth works completely for all mentioned mechanisms from
localhost (though i never configured otp nor wanted it to work), but only
for a weird selection out of plain, login and digest-md5 from remote: i.e.
with kmail i can authenticate digest-md5 or login on smtpd (including tls -
or without) and on imapd. with outlook express log says only
imap [n] login: host.domain.tld [192.168.6.2] ce at domain.tld plaintext User
logged in
also, except login (+tls,-tls) no mechanism is good enough for smtpd from
remote, tested with cyrus' smtptest, while locally anything goes (with
correct password, of course). smtptest does not complain about missing libs
or so, i assume this is okay? postfix uses tls, cyrus not yet.
what do you think? is there something missing or totally misconfigured?
does anyone have a good explanation?
(please see the relevant sasl/tls settings from my configs below)
thanks & regards
christian
from main.cf (postfix):
smtp_sasl_password_maps = hash:/etc/sasl_passwd
smtpd_sasl_local_domain = ce-it.de
smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/mx-key.pem
smtpd_tls_CAfile = /etc/de-cacert.pem
smtpd_tls_cert_file = /etc/mx-cert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
from imapd.conf
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
--
+++ Lassen Sie Ihren Gedanken freien Lauf... z.B. per FreeSMS +++
GMX bietet bis zu 100 FreeSMS/Monat: http://www.gmx.net/de/go/mail
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list