[0.9] Re: -authz no longer working?
John Masterson
jmasterson at modwest.com
Fri Sep 4 19:13:02 EDT 2009
Dan White wrote:
> On 04/09/09 15:01 -0600, John Masterson wrote:
>> Sep 4 14:59:09 mbe1 cyrus/imap[18587]: badlogin: mgmt.modwest.com
>> [204.11.245.21] PLAIN [SASL(-16): encryption needed to use mechanism:
>> security flags do not match required]
>> Sep 4 14:59:39 mbe1 cyrus/imap[18587]: login: mgmt.modwest.com
>> [204.11.245.21] cyrus plaintext User logged in
>
> You probably do not have this turned on in /etc/imapd.conf:
>
> # Allow plaintext logins by default (SASL PLAIN)
> allowplaintext: yes
>
> You can either:
>
> * connect using TLS (which will provide the required security bits),
> then connect with PLAIN
>
> * enable the allowplaintext option
>
> * or connect with another mechanism (like DIGEST-MD5) which would also
> provide the appropriate level of network security.
>
> you might also need to adjust your sasl_minimum_layer setting.
>
Hmm:
$ cyradm -user cyrus -authz magnafix -auth DIGEST-MD5 mbe1
cyradm: cannot authenticate to server with DIGEST-MD5 as cyrus
root at mbe1:~# grep allowplaintext: /etc/imapd.conf
allowplaintext: yes
lmtpproxy_allowplaintext: yes
lmtp_allowplaintext: yes
imap_allowplaintext: yes
root at mbe1:~# grep sasl_min /etc/imapd.conf
# sasl_minimum_layer and allowapop below, too.
sasl_minimum_layer: 0
I will keep researching. Thanks for your help so far!
--
John Masterson
Modwest, Inc.
http://www.modwest.com
1-888-549-0917
1-406-541-4678
More information about the Info-cyrus
mailing list