Basic configuration

Michael Menge michael.menge at zdv.uni-tuebingen.de
Wed Jul 25 08:35:35 EDT 2007


Hi,

You may check the following points.

1.) You set sasl_mech_list: plain

The mechanism plain is an extra sasl library that you may have to install.
You force the use of plain even if a better mechanism would be available,
but if the sasl_plain library is not installed you have no mechanism
for authentication at all. You can use imtest to debug the login
procedure.
The CAPABILITY string must say AUTH=PLAIN.

2.) Activate imaps and test the login with

imtest -a USERID localhost
imtest -t '' -a USERID localhost
imtest -s -a USERID localhost

3.) If you use PAM,

have a look in /etc/pam.d/imap , /etc/pam.d/imaps , /etc/pam.d/pop ,
/etc/pam.d/pops and /etc/pam.d/sieve

If these files don't exist, PAM will use /etc/pam.d/other
You may want to add
"auth     required       pam_warn.so" and
"account  required       pam_warn.so"

to the PAM configurations to monitor and debug the logins.

I hope I could help.


Quoting Sam Przyswa <samp at arial-concept.com>:

> Michael Menge wrote:
>> Hi,
>>
>> check the settings for
>>
>> allowplaintext
>
> It's set to yes
>
>> sasl_minimum_layer
>
> It's set to 0
>
>> in /etc/imapd.conf read the manpage for more details on these options
>
> Ok but I don't find a way to devalidate the encryption on PLAIN
> password login as we have on your Courier server. We have about 300
> users with their mail clients configured for PLAIN password and our
> customer doesn't want to change 300 users' PCs.
>
> We have to first migrate 300 Courier-IMAP /Maildir accounts to Cyrus
> accounts and then make these accounts compatible with our PLAIN
> password login mechanism. I think that should not be too hard to
> do. We have tested Dovecot and we didn't encounter this kind of
> problem.
>
> Thanks for your help.
>
> I put in attachment our imapd.conf and cyrus.conf
>
> Sam.
>
>> Quoting David.Addison at infineon.com:
>>
>>>
>>> -----Original Message-----
>>> From: info-cyrus-bounces at lists.andrew.cmu.edu
>>> [mailto:info-cyrus-bounces at lists.andrew.cmu.edu] On Behalf Of Sam Przyswa
>>> Sent: Tuesday, July 24, 2007 11:44 PM
>>> To: Info Cyrus List
>>> Subject: Re: Basic configuration
>>>
>>> David.Addison at infineon.com wrote:
>>>> Hi Sam
>>>>
>>>> Use saslauthd by adding the following lines to /etc/imapd.conf
>>>>
>>>> sasl_pwcheck_method: saslauthd
>>>> sasl_mech_list: plain
>>>>
>>>
>>> Ok.
>>>
>>>> Start saslauthd with
>>>> /usr/sbin/saslauthd -a pam
>>>> Or
>>>> /usr/sbin/saslauthd -a shadow
>>>> /usr/sbin/saslauthd -a getpwent
>>>>
>>>
>>> I tried each option but I always got:
>>>
>>> badlogin: evelyne.arial-concept.com [172.16.0.118] PLAIN [SASL(-16):
>>> encryption needed to use mechanism: security flags do not match required]
>>>
>>>
>>>> There are other options which might work better on your system
>>>> but this one works fine for me.
>>>>
>>>
>>> ...yes !
>>>
>>> Hi Sam,
>>>
>>> IIRC, I think this means that you need to have an encrypted
>>> connection to the mail server to use the PLAIN auth mechanism.
>>> However, I can't find anything in my config files that would
>>> affect this and I'm using unencrypted imap connections so I'm
>>> guessing. Perhaps someone else can comment.
>>>
>>> Dave
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>>
>>
>> --------------------------------------------------------------------------------
>> M.Menge                                 Tel.: (49) 7071/29-70316
>> Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
>> Zentrum fuer Datenverarbeitung          mail:
>> michael.menge at zdv.uni-tuebingen.de
>> Waechterstrasse 76
>> 72074 Tuebingen
>> ------------------------------------------------------------------------
>
>
> -- 
> Sam Przyswa - Project Manager
> Arial Concept - Internet Integrator
> 36, rue de Turin - 75008 - Paris - France
> Tel: 01 40 54 86 04 - 0870 444 596 - Fax: 01 40 54 83 01
> Skype ID: arial-concept
> Web: http://www.arial-concept.com - Email: Info at arial-concept.com



--------------------------------------------------------------------------------
M.Menge                                 Tel.: (49) 7071/29-70316
Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung          mail:
michael.menge at zdv.uni-tuebingen.de
Waechterstrasse 76
72074 Tuebingen
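
Added example, not part of the original message or of Cyrus: a Python check for the condition in point 1 ("The CAPABILITY string must say AUTH=PLAIN"), applied to saved transcripts of the cleartext and STARTTLS runs from point 2. The two transcripts are constructed samples; the `S:`/`C:` line prefixes, the hostname and the capability lists are assumptions, not output from Sam's server.

```python
import re

# Constructed sample transcripts (not from the thread); hostname is a placeholder.
CLEAR = """\
S: * OK mail.example.org Cyrus IMAP4 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE STARTTLS LOGINDISABLED
S: C01 OK Completed
"""
TLS = CLEAR + """\
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE AUTH=PLAIN
S: C01 OK Completed
"""

CAP_RE = re.compile(r"\bCAPABILITY\s+([^\]\r\n]+)", re.IGNORECASE)

def parse_capabilities(transcript):
    """Capability atoms from the LAST untagged server CAPABILITY data seen."""
    caps = set()
    for line in transcript.splitlines():
        text = line.strip()
        if text.startswith("S:"):          # drop the assumed imtest-style prefix
            text = text[2:].strip()
        if not text.startswith("*"):       # only untagged server responses count
            continue
        m = CAP_RE.search(text)
        if m:                              # a later list replaces an earlier one
            caps = {atom.upper() for atom in m.group(1).split()}
    return caps

def auth_mechs(caps):
    """SASL mechanism names advertised as AUTH=<mech>."""
    return sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH="))

def diagnose(clear_caps, tls_caps):
    if "AUTH=PLAIN" in clear_caps:
        return "PLAIN offered without encryption"
    if "AUTH=PLAIN" in tls_caps:
        return "PLAIN offered only on a protected connection"
    return "PLAIN not offered at all"

if __name__ == "__main__":
    clear, tls = parse_capabilities(CLEAR), parse_capabilities(TLS)
    print("cleartext mechs:", auth_mechs(clear), "LOGINDISABLED:", "LOGINDISABLED" in clear)
    print("after STARTTLS :", auth_mechs(tls))
    print("result:", diagnose(clear, tls))
```

A result of "only on a protected connection" is consistent with the "encryption needed to use mechanism" badlogin quoted in the thread, while "not offered at all" points at the missing plain plugin described in point 1.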
