Dan White
dwhite at olp.net
Fri Apr 24 10:07:28 EDT 2009
Kővári János wrote:
> Kővári János wrote:
>> >/ Postfix uses saslauthd, which is configured for PAM. It works
>> />/ perfectly, with plain/login/cram/digest mechanisms, with or without
>> />/ tls/ssl, absolutely no problems with it. Saslauth tests are all fine
>> />/ obviously.
>> />/ So I decided to use this with cyrus imap too. Set it to use the same
>> />/ saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs.
>> />/ Since then, I can not login with plain or login mechs, because they
>> />/ aren't being offered at all by cyrus imapd. I can login with cram or
>> />/ digest fine.
>> />/ I understand that plain login isn't offered by default, only after a
>> />/ successfull tls session setup, but if I understand correctly, the
>> />/ "allowplaintext: yes" option should still force imapd to offer plain
>> />/ logins. But it doesn't. I tried it with different sasl_min|max_levels,
>> />/ to no avail.
>> /
>> Please include the following information, so we can get a better idea of
>> your setup:
>>
>> Postfix and Cyrus IMAP version
>> Postfix SASL config:
>> grep sasl main.cf
>> cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf it located on
>> your system)
>>
>>
>>
> Hello Dan,
>
> Postfix version: 2.5.4
> Cyrus IMAP version: 2.2.13
>
> smtpd_sasl_auth_enable = yes
>
> /cat /etc/postfix/sasl/smtpd.conf/
> saslauthd_version: 2
> pwcheck_method: saslauthd
> mech_list: plain login cram-md5 digest-md5
>
> /cat /etc/imapd.conf/
> allowplaintext: yes
> saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> sasl_auto_transition: no
>
> /cat /etc/default/saslauthd/
> START=yes
> PWDIR="/var/spool/postfix/var/run/saslauthd"
> PARAMS="-m ${PWDIR}"
> PIDFILE="${PWDIR}/saslauthd.pid"
> MECHANISMS="pam"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
> /#(I think the options line is wrong, the -m part is unneded, but it
> was like that, and it works...)/
The way that you have postfix configured, it will use saslauthd (only)
for plain and login. It (via SASL) will use your auxprop store to
authenticate the cram-md5 and digest-md5 mechanisms. I'm assuming that
you have configured your users in /etc/sasldb2, since you are
authenticating to imapd via digest-md5.
'allowplaintext: yes' should be all you need to support plain/login on
an in-the-clear connection. Since they are being offered after a TLS
connection, it's almost if there's a typo in your config for that command.
also:
saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
is a typo in /etc/imapd.conf. It should be:
sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
For trouble shooting, you might want to comment out
'sasl_pwcheck_method: saslauthd', which will direct imapd to use all
available pw_check methods (including auxprop) for plain/login.
- Dan
More information about the Info-cyrus
mailing list