Basic configuration

Sam Przyswa samp at arial-concept.com
Wed Jul 25 10:26:32 EDT 2007


Michael Menge wrote:
> Hi,
>
> You may check the following points.
>
> 1.) You set sasl_mech_list: plain

That's it!

>
> The mechanism plain is an extra sasl library, which you may have to install.
> You force the use of plain even if a better mechanism would be available,
> but if the sasl_plain library is not installed you have no mechanism
> for authentication at all. You can use imtest to debug the login
> procedure.
> The CAPABILITY string must say AUTH=PLAIN.

imtest gives me:

CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE

I don't see AUTH=PLAIN!

> 2.) Activate imaps and test the login with
>
> imtest -a USERID localhost

Gives me:

S: * OK evelyne Cyrus IMAP4 v2.2.13-Debian-2.2.13-10ubuntu2 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
STARTTLS
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN przyswa {8}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.


> imtest -t '' -a USERID localhost

Gives me:

S: * OK evelyne Cyrus IMAP4 v2.2.13-Debian-2.2.13-10ubuntu2 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
STARTTLS
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
AUTH=LOGIN AUTH=PLAIN SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE LOGIN
S: + VXNlcm5hbWU6
Please enter your password:
C: cHJ6eXN3YQ==
S: + UGFzc3dvcmQ6
C: c2FtMDE0NDg=
S: A01 NO generic failure
Authentication failed. generic failure
Security strength factor: 256

My user has the right password; I re-entered it to be safe.

> imtest -s -a USERID localhost
>
> 3.) if you use PAM,
>
> have a look in /etc/pam.d/imap , /etc/pam.d/imaps , /etc/pam.d/pop ,
> /etc/pam.d/pops and /etc/pam.d/sieve
>
> if these files don't exist pam will use /etc/pam.d/other
> You may want to add
> "auth     required       pam_warn.so" and

I have:

auth     required       pam_unix.so nullok_secure

> "account  required       pam_warn.so"

I have:

account  required       pam_unix.so

> to the pam configurations to monitor and debug the logins
>
> I hope I could help

Yes, but always the same result. I use saslauthd 2.1.22 (Ubuntu), which supports the
authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow ldap

Thanks for your help.

Sam.


> Quoting Sam Przyswa <samp at arial-concept.com>:
>
>> Michael Menge wrote:
>>> Hi,
>>>
>>> check the settings for
>>>
>>> allowplaintext
>>
>> It's set to yes
>>
>>> sasl_minimum_layer
>>
>> It's set to 0
>>
>>> in /etc/imapd.conf read the manpage for more details on these options
>>
>> Ok, but I can't find a way to disable the encryption on PLAIN
>> password login as we have on your Courier server. We have about 300
>> users with their mail client configured in PLAIN password and our
>> customer doesn't want to change 300 users' PCs.
>>
>> We have to first migrate 300 Courier-IMAP /Maildir accounts to Cyrus
>> accounts and then make these accounts compatible with our PLAIN
>> password login mechanism. I think that should not be too hard to
>> do. We have tested Dovecot and we didn't encounter this kind of
>> problem.
>>
>> Thanks for your help.
>>
>> I have attached our imapd.conf and cyrus.conf
>>
>> Sam.
>>
>>> Quoting David.Addison at infineon.com:
>>>
>>>>
>>>> -----Original Message-----
>>>> From: info-cyrus-bounces at lists.andrew.cmu.edu
>>>> [mailto:info-cyrus-bounces at lists.andrew.cmu.edu] On Behalf Of Sam Przyswa
>>>> Sent: Tuesday, July 24, 2007 11:44 PM
>>>> To: Info Cyrus List
>>>> Subject: Re: Basic configuration
>>>>
>>>> David.Addison at infineon.com wrote:
>>>>> Hi Sam
>>>>>
>>>>> Use saslauthd by adding the following lines to /etc/imapd.conf
>>>>>
>>>>> sasl_pwcheck_method: saslauthd
>>>>> sasl_mech_list: plain
>>>>>
>>>>
>>>> Ok.
>>>>
>>>>> Start saslauthd with
>>>>> /usr/sbin/saslauthd -a pam
>>>>> Or
>>>>> /usr/sbin/saslauthd -a shadow
>>>>> /usr/sbin/saslauthd -a getpwent
>>>>>
>>>>
>>>> I tried each option but I always got:
>>>>
>>>> badlogin: evelyne.arial-concept.com [172.16.0.118] PLAIN [SASL(-16):
>>>> encryption needed to use mechanism: security flags do not match 
>>>> required]
>>>>
>>>>
>>>>> There are other options which might work better on your system
>>>>> but this one works fine for me.
>>>>>
>>>>
>>>> ...yes!
>>>>
>>>> Hi Sam,
>>>>
>>>> IIRC, I think this means that you need to have an encrypted
>>>> connection to the mail server to use the PLAIN auth mechanism.
>>>> However, I can't find anything in my config files that would
>>>> affect this and I'm using unencrypted imap connections so I'm
>>>> guessing. Perhaps someone else can comment.
>>>>
>>>> Dave
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>
>>>
>>>
>>> -------------------------------------------------------------------------------- 
>>> M.Menge                                 Tel.: (49)   7071/29-70316
>>> Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
>>> Zentrum fuer Datenverarbeitung          mail:   
>>> michael.menge at zdv.uni-tuebingen.de
>>> Waechterstrasse 76
>>> 72074 Tuebingen
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
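
Added example, not part of the original thread: a Python check over an imtest-style transcript that compares the capabilities advertised before and after STARTTLS, as in the two sessions above, and reports what the cleartext part of the session permits. The function names and the abridged sample transcript are constructed for illustration.

```python
import re

# SASL mechanisms that send the password itself (only base64-encoded).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: the capability exchange from the transcript above,
# abridged (capability lists shortened, credential lines left out).
SAMPLE = """\
S: * OK evelyne Cyrus IMAP4 v2.2.13-Debian-2.2.13-10ubuntu2 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE
STARTTLS
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA IDLE
AUTH=LOGIN AUTH=PLAIN SASL-IR
S: C01 OK Completed
"""

def capability_sets(transcript):
    """Return [(over_tls, tokens)] for each CAPABILITY response, in order."""
    results, current, over_tls = [], None, False
    for line in transcript.splitlines():
        if line.startswith("S: * CAPABILITY"):
            current = set(line.split()[3:])
            results.append((over_tls, current))
        elif re.match(r"[SC]: ", line) or line.startswith("TLS connection"):
            current = None  # any other protocol line ends the list
            over_tls = over_tls or line.startswith("TLS connection established")
        elif current is not None:
            current.update(line.split())  # mail-wrapped continuation line
    return results

def audit(transcript):
    """List what the cleartext (pre-TLS) capability responses permit."""
    findings = []
    for over_tls, caps in capability_sets(transcript):
        if over_tls:
            continue
        mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
        if mechs & PLAINTEXT_MECHS:
            findings.append("cleartext: offers AUTH=" + ",".join(sorted(mechs & PLAINTEXT_MECHS)))
        if "LOGINDISABLED" not in caps:
            findings.append("cleartext: LOGINDISABLED not advertised")
        if "STARTTLS" not in caps:
            findings.append("cleartext: STARTTLS not offered")
    return findings
```

On the sample, the only finding is that LOGINDISABLED is missing before TLS, which matches the first session above, where the server processed a LOGIN command on the unencrypted connection.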

