Kővári János bsh at freemail.hu
Fri Apr 24 11:37:30 EDT 2009



Dan White írta:
> Kővári János wrote:
>> Kővári János wrote:
>>> >/ Postfix uses saslauthd, which is configured for PAM. It works />/ 
>>> perfectly, with plain/login/cram/digest mechanisms, with or without 
>>> />/ tls/ssl, absolutely no problems with it. Saslauth tests are all 
>>> fine />/ obviously.
>>> />/ So I decided to use this with cyrus imap too. Set it to use the 
>>> same />/ saslauth daemon, and plain, login, cram-md5 and digest-md5 
>>> mechs.
>>> />/ Since then, I can not login with plain or login mechs, because 
>>> they />/ aren't being offered at all by cyrus imapd. I can login 
>>> with cram or />/ digest fine.
>>> />/ I understand that plain login isn't offered by default, only 
>>> after a />/ successfull tls session setup, but if I understand 
>>> correctly, the />/ "allowplaintext: yes" option should still force 
>>> imapd to offer plain />/ logins. But it doesn't. I tried it with 
>>> different sasl_min|max_levels, />/ to no avail.
>>> /
>>> Please include the following information, so we can get a better 
>>> idea of your setup:
>>>
>>> Postfix and Cyrus IMAP version
>>> Postfix SASL config:
>>>   grep sasl main.cf
>>>   cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf it 
>>> located on your system)
>>>
>>>
>>>     
>> Hello Dan,
>>
>> Postfix version: 2.5.4
>> Cyrus IMAP version: 2.2.13
>>
>> smtpd_sasl_auth_enable = yes
>>
>> /cat /etc/postfix/sasl/smtpd.conf/
>> saslauthd_version: 2
>> pwcheck_method: saslauthd
>> mech_list: plain login cram-md5 digest-md5
>>
>> /cat /etc/imapd.conf/
>> allowplaintext: yes
>> saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>> sasl_auto_transition: no
>>
>> /cat /etc/default/saslauthd/
>> START=yes
>> PWDIR="/var/spool/postfix/var/run/saslauthd"
>> PARAMS="-m ${PWDIR}"
>> PIDFILE="${PWDIR}/saslauthd.pid"
>> MECHANISMS="pam"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>> /#(I think the options line is wrong, the -m part is unneded, but it 
>> was like that, and it works...)/
>
>
> The way that you have postfix configured, it will use saslauthd (only) 
> for plain and login. It (via SASL) will use your auxprop store to 
> authenticate the cram-md5 and digest-md5 mechanisms. I'm assuming that 
> you have configured your users in /etc/sasldb2, since you are 
> authenticating to imapd via digest-md5.
yes, I was using sasldb2 until recently, so the database is set up and 
still there.
> 'allowplaintext: yes' should be all you need to support plain/login on 
> an in-the-clear connection. Since they are being offered after a TLS 
> connection, it's almost if there's a typo in your config for that 
> command.
Hmmm, I see no typo there.
> also:
>
> saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
>
> is a typo in /etc/imapd.conf. It should be:
>
> sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
Thanks!
> For trouble shooting, you might want to comment out 
> 'sasl_pwcheck_method: saslauthd', which will direct imapd to use all 
> available pw_check methods (including auxprop) for plain/login.
>
> - Dan
I did that too. When it's commented out, the plain and login methods are 
still not being offered, but neither cram nor digest! And I can not 
login at all. Doesn't accept any passwords.
So I reverted it to saslauthd.

Regards,
Janos


More information about the Info-cyrus mailing list