PLAIN authentication timsieved
Michael Menge
michael.menge at zdv.uni-tuebingen.de
Wed Jan 28 05:53:40 EST 2009
Hi,
Quoting Mathieu Kretchner <mathieu.kretchner at sophia.inria.fr>:
> Ok thank you for your help,
>
> I've tried the allowplaintext: yes but the proxy sieve server I use is
> still complaining !
>
> I don't know why? I've done a tcp/ip trace of data transmission between
> proxy and sieve cyrus server and the only thing I see is that :
>
> Data (41 bytes)
> 0000 41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c AUTHENTICATE "PL
> 0010 41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 AIN" "AGltYXAyAG
> 0020 6c 74 59 58 41 79 22 0d 0a ltYXAy"..
>
> Data (22 bytes)
> 0000 4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c OK "Logout Compl
> 0010 65 74 65 22 0d 0a ete"..
>
>
> How could I debug this ?
>
>
It seems your client tries PLAIN authentication. You can try sivtest;
it will show all the data sent between sieved and sivtest.
Which database does saslauthd use for authentication? If you use PAM,
you need an entry for sieve in /etc/pam.d.
Are there any messages from saslauthd in the logs?
> Raphael Jaffey wrote:
>> Sorry, we use this setting in our environment as we're using stunnel
>> for sieved connections rather than its built in TLS support.
>>
>> The relevant parts of our current config read:
>>
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>>
>>
>> allowplaintext: no
>> sasl_minimum_layer: 128
>> sieve_allowplaintext: yes
>> sieve_sasl_minimum_layer: 0
>>
>> tls_cert_file: <some-path>
>> tls_key_file: <some-path>
>> tls_ca_file: <some-path>
>> tls_cipher_list: !ADH:MEDIUM:HIGH
>>
>> sieve_tls_cert_file: disabled
>>
>>
>>
>> In your case, assuming you don't want PLAIN in the clear, I should
>> think the following would suffice:
>>
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>>
>>
>> allowplaintext: no
>> sasl_minimum_layer: 128
>>
>> tls_cert_file: <some-path>
>> tls_key_file: <some-path>
>> tls_ca_file: <some-path>
>> tls_cipher_list: !ADH:MEDIUM:HIGH
>>
>> This assumes that your sieve client supports TLS.
>>
>> Quoting Raphael Jaffey <rjaffey at artic.edu>:
>>
>>> sieve_allowplaintext: yes
>>>
>>> Quoting Mathieu Kretchner <mathieu.kretchner at sophia.inria.fr>:
>>>
>>>> Hello,
>>>>
>>>> I would like to allow connection to sieved server with PLAIN mechanism.
>>>> But my configuration seems to already have this. What do I miss ?
>>>>
>>>> Cyrus is 2.2.12
>>>> here is my imapd.conf :
>>>>
>>>> configdirectory: /data/imap
>>>> partition-default: /data/imap/spool
>>>> servername: imap-sop.inria.fr
>>>> admins: cyrus
>>>> hashimapspool: yes
>>>> duplicatesuppression: no
>>>> sasl_pwcheck_method: saslauthd
>>>> allowanonymouslogin: no
>>>> tls_session_timeout: 0
>>>> allowapop: 0
>>>> sasl_mech_list: PLAIN
>>>> sieveuserhomedir: no
>>>> sievedir: /data/imap/sieve
>>>> sieve_maxscripts: 8
>>>> sieve_maxscriptsize: 640
>>>> sendmail: /usr/sbin/sendmail
>>>> tls_ca_file: /data/imap/ssl/ca.crt
>>>> tls_cert_file: /data/imap/ssl/server.crt
>>>> tls_key_file: /data/imap/ssl/server.key
>>>> tls_ca_path: /data/imap/ssl
>>>>
>>>> Thank you
>>>>
>>>>
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>>
>>
>
--------------------------------------------------------------------------------
M.Menge Tel.: (49) 7071/29-70316
Universität Tübingen Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung mail:
michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen
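
As a debugging aid for the trace quoted above, the following added example (not code from the thread or from the Cyrus project) parses the captured AUTHENTICATE line and decodes its SASL PLAIN payload per RFC 4616 (authzid NUL authcid NUL passwd). The function names are hypothetical, only the quoted-string argument form seen in the trace is handled, and the captured bytes are reassembled from the ASCII column of the hex dump.

```python
import base64
import re

# Client command from the trace quoted in this thread, reassembled from the
# hex dump's ASCII column (41 bytes including CRLF).
CAPTURED = b'AUTHENTICATE "PLAIN" "AGltYXAyAGltYXAy"\r\n'

# Mechanism name plus an optional initial response, both as quoted strings.
AUTH_RE = re.compile(rb'^AUTHENTICATE\s+"([^"]+)"(?:\s+"([^"]*)")?\r?\n?$', re.I)


def parse_authenticate(line: bytes):
    """Split an AUTHENTICATE command into (mechanism, decoded SASL bytes)."""
    m = AUTH_RE.match(line)
    if not m:
        raise ValueError("not an AUTHENTICATE command with quoted-string arguments")
    mech = m.group(1).decode("ascii").upper()
    initial = m.group(2)
    raw = base64.b64decode(initial, validate=True) if initial else b""
    return mech, raw


def decode_plain(raw: bytes):
    """Decode an RFC 4616 PLAIN message: authzid NUL authcid NUL passwd."""
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("empty authcid or password")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


def summarize(line: bytes, redact: bool = True):
    """Report what the client sent; the password is masked unless redact=False."""
    mech, raw = parse_authenticate(line)
    if mech != "PLAIN":
        return {"mechanism": mech}
    fields = decode_plain(raw)
    if redact:
        fields["passwd"] = "*" * len(fields["passwd"])
    return {"mechanism": mech, **fields}


if __name__ == "__main__":
    print(summarize(CAPTURED))
```

A well-formed result (empty authzid, non-empty authcid and password) indicates the client side of the exchange is intact. It also shows that anyone able to capture an unencrypted session recovers the credentials directly, which is what `allowplaintext: no` combined with TLS prevents.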