Cyrus Aggregator (Murder) auth questions, how to test authentication.

Dan White dwhite at olp.net
Sat Jul 17 16:07:23 EDT 2010


On 16/07/10 23:49 -0300, Lucas Zinato Carraro wrote:
> Can I use different methods for authentication (user: ldap, mupdate +
>backend, backend + backend: sasldb)?
>(for example users auth in frontend with saslauthd: ldap but frontends
>auth in mupdate and backends using /etc/sasldb2, and auth between backend
>using another mech)
>
>Consider that I'm not using REFERRAL (proxyd_disable_mailbox_referrals: 1).

Yes. The authentication method is determined by the server (or the
per-service SASL configuration on a given server).

On the frontends, you could configure SASL as:
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login

In which case you'll need to enable allowplaintext, or provide an SSL/TLS
method to encrypt traffic.

And on the backends and mupdate master:
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb

>+ How to test if proxy user is working correctly? Is it correct to use:
>imtest -t "" -a proxyuser -u user   backendserver.domain

Looks correct.

>Is it possible to do this with IMAP commands in a telnet session?

Yes, but you'll need to use the SASL PLAIN mechanism (or other
mechanism that supports proxy authentication). Like:

perl -MMIME::Base64 -e 'print encode_base64("proxied_user\0proxy_user\0password")'
cHJveGllZF91c2VyAHByb3h5X3VzZXIAcGFzc3dvcmQ=

telnet localhost 143
a01 authenticate plain cHJveGllZF91c2VyAHByb3h5X3VzZXIAcGFzc3dvcmQ=
a02 select INBOX

and you'll need to enable allowplaintext regardless of your
sasl_pwcheck_method configuration.

-- 
Dan White
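
Added example, not part of the original message: a Python helper that builds and decodes the SASL PLAIN initial response used in the telnet test above, following the RFC 4616 field order (authorization id, NUL, authentication id, NUL, password). The function names build_plain and parse_plain are hypothetical; the sample blob is the one from the post. Decoding it shows that base64 hides nothing, which is why the session needs TLS or allowplaintext.

```python
import base64


def build_plain(authzid: str, authcid: str, password: str) -> str:
    """Return the base64 argument for 'AUTHENTICATE PLAIN'.

    authzid  = mailbox owner to act as (the proxied user); may be empty
    authcid  = account whose password is checked (the proxy user)
    """
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("fields must not contain NUL")
    if not authcid:
        raise ValueError("authcid is required")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(blob: str) -> dict:
    """Decode a PLAIN response and label its three fields."""
    raw = base64.b64decode(blob, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("authcid is required")
    return {
        "authzid": authzid,
        "authcid": authcid,
        "password": password,
        # Proxy authentication is requested only when authzid is set
        # and differs from the authenticating account.
        "proxying": bool(authzid) and authzid != authcid,
    }


# The blob from the post above.
SAMPLE = "cHJveGllZF91c2VyAHByb3h5X3VzZXIAcGFzc3dvcmQ="

if __name__ == "__main__":
    print(parse_plain(SAMPLE))
    print("a01 authenticate plain",
          build_plain("proxied_user", "proxy_user", "password"))
```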

