PLAIN authentication timsieved

Mathieu Kretchner mathieu.kretchner at sophia.inria.fr
Wed Jan 28 07:47:47 EST 2009


It seems like I've no plain text auth capability !!

[root at client ~]# telnet cyrus_server imap
Trying cyrus_server ...
Connected to imap-sop.inria.fr (cyrus_server).
Escape character is '^]'.
* OK cyrus_server Cyrus IMAP4 v2.2.12 server ready
. capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS


How could I configure this, like my other server do ?

[root at client ~]# telnet test1 imap
Trying 1.2.3.4...
Connected to test1 (1.2.3.4).
Escape character is '^]'.
* OK INRIA mail server - test1 ready.
. capability
* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS
LIST-EXTENDED I18NLEVEL=1 QUOTA STARTTLS *AUTH=PLAIN*


Michael Menge wrote:
> Hi,
> 
> Quoting Mathieu Kretchner <mathieu.kretchner at sophia.inria.fr>:
> 
>> Ok thank you for your help,
>>
>> I've tried the allowplaintext: yes but the proxy sieve server I use is
>> still complaining !
>>
>> I don't know why? I've done a tcp/ip trace of data transmission between
>> proxy and sieve cyrus server and the only thing I see is that :
>>
>> Data (41 bytes)
>> 0000  41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c   AUTHENTICATE "PL
>> 0010  41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47   AIN" "AGltYXAyAG
>> 0020  6c 74 59 58 41 79 22 0d 0a                        ltYXAy"..
>>
>> Data (22 bytes)
>> 0000  4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c   OK "Logout Compl
>> 0010  65 74 65 22 0d 0a                                 ete"..
>>
>>
>> How could I debug this ?
>>
>>
> 
> It seems your client tries PLAIN authentication. You can try sivtest,  
> it will show all the data send between sieved and sivtest.
> Which database does saslauthd use for authentication, if you use pam  
> you need an entry for sieve in /etc/pam.d .
> Are there any messages form saslauthd in the logs?
> 
> 
> 
>> Raphael Jaffey wrote:
>>> Sorry, we use this setting in our environment as we're using stunnel
>>> for sieved connections rather than its built in TLS support.
>>>
>>> The relevant parts of our current config read:
>>>
>>> sasl_pwcheck_method: saslauthd
>>> sasl_mech_list: PLAIN
>>>
>>>
>>> allowplaintext: no
>>> sasl_minimum_layer: 128
>>> sieve_allowplaintext: yes
>>> sieve_sasl_minimum_layer: 0
>>>
>>> tls_cert_file: <some-path>
>>> tls_key_file: <some-path>
>>> tls_ca_file: <some-path>
>>> tls_cipher_list: !ADH:MEDIUM:HIGH
>>>
>>> sieve_tls_cert_file: disabled
>>>
>>>
>>>
>>> In your case, assuming you don't want PLAIN in the clear, I should
>>> think the following would suffice:
>>>
>>> sasl_pwcheck_method: saslauthd
>>> sasl_mech_list: PLAIN
>>>
>>>
>>> allowplaintext: no
>>> sasl_minimum_layer: 128
>>>
>>> tls_cert_file: <some-path>
>>> tls_key_file: <some-path>
>>> tls_ca_file: <some-path>
>>> tls_cipher_list: !ADH:MEDIUM:HIGH
>>>
>>> This assumes that your sieve client supports TLS.
>>>
>>> Quoting Raphael Jaffey <rjaffey at artic.edu>:
>>>
>>>> sieve_allowplaintext: yes
>>>>
>>>> Quoting Mathieu Kretchner <mathieu.kretchner at sophia.inria.fr>:
>>>>
>>>>> Hello,
>>>>>
>>>>> I would like to allow connection to sieved server with PLAIN mechanism.
>>>>> But my configuration seems to already have this. What do I miss ?
>>>>>
>>>>> Cyrus is 2.2.12
>>>>> here is my imapd.conf :
>>>>>
>>>>> configdirectory: /data/imap
>>>>> partition-default: /data/imap/spool
>>>>> servername: imap-sop.inria.fr
>>>>> admins: cyrus
>>>>> hashimapspool: yes
>>>>> duplicatesuppression: no
>>>>> sasl_pwcheck_method: saslauthd
>>>>> allowanonymouslogin: no
>>>>> tls_session_timeout: 0
>>>>> allowapop: 0
>>>>> sasl_mech_list: PLAIN
>>>>> sieveuserhomedir: no
>>>>> sievedir: /data/imap/sieve
>>>>> sieve_maxscripts: 8
>>>>> sieve_maxscriptsize: 640
>>>>> sendmail: /usr/sbin/sendmail
>>>>> tls_ca_file: /data/imap/ssl/ca.crt
>>>>> tls_cert_file: /data/imap/ssl/server.crt
>>>>> tls_key_file:  /data/imap/ssl/server.key
>>>>> tls_ca_path: /data/imap/ssl
>>>>>
>>>>> Thank you
>>>>>
>>>>>
>>>>
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> 
> 
> --------------------------------------------------------------------------------
> M.Menge                                Tel.: (49) 7071/29-70316
> Universität Tübingen                   Fax.: (49) 7071/29-5912
> Zentrum für Datenverarbeitung          mail:  
> michael.menge at zdv.uni-tuebingen.de
> Wächterstraße 76
> 72074 Tübingen
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mathieu_kretchner.vcf
Type: text/x-vcard
Size: 268 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090128/52c8b24b/attachment-0001.vcf 


More information about the Info-cyrus mailing list