Cyrus Aggegator ( Murder ) auth questions, how to test authentication.
Dan White
dwhite at olp.net
Sat Jul 17 16:07:23 EDT 2010
On 16/07/10 23:49 -0300, Lucas Zinato Carraro wrote:
> Can i use differentes methods for authentication ( user: ldap, mupdate +
>backend, backend + backend : sasldb )?
>( for example users auth in frontend with saslauthd: ldap but frontends
>auth in mupdate and backends using /etc/sasldb2 , and auth between backend
>using another mech)
>
>Consider that im not using REFERALL ( proxyd_disable_mailbox_referrals: 1
>).
Yes. The authentication method is determined by the server (or the per
service SASL configuration on a given server).
On the frontends, you could configure SASL as:
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login
In which case you'll need to enable allowplaintext, or provide an SSL/TLS
method to encrypt traffic.
And on the backends and mupdate master:
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
>+ How to test if proxy user is working correctly ? Its correctly to use:
>imtest -t "" -a proxyuser -u user backendserver.domain
Looks correct.
>Its possible to do this with imap commands in telnet session ??
Yes, but you'll need to use the SASL PLAIN mechanism (or other
mechanism that supports proxy authentication). Like:
perl -MMIME::Base64 -e 'print encode_base64("proxied_user\0proxy_user\0password")'
cHJveGllZF91c2VyAHByb3h5X3VzZXIAcGFzc3dvcmQ=
telnet localhost 143
a01 authenticate plain cHJveGllZF91c2VyAHByb3h5X3VzZXIAcGFzc3dvcmQ=
a02 select INBOX
and you'll need to enable allowplaintext regardless of your
sasl_pwcheck_method configuration.
--
Dan White
More information about the Info-cyrus
mailing list