Allow PLAIN login cyrus 2.2.12

Manel Gimeno Zaragozá magiza83 at hotmail.com
Mon Feb 13 06:55:27 EST 2012 

Hello,

I've noticed that if I do imtest from remote host I get different exit:

#imtest -m plain 192.168.1.5 -a cyrus
        S: * OK  Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
        C: C01 CAPABILITY
        S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
        S: C01 OK Completed
        [Server did not advertise AUTH=PLAIN]
        Authentication failed. generic failure
        Security strength factor: 0

Anyway I answer your questions underline.

>> I'm trying to migrate mailbox from "cyrus-imapd-2.2.12-19" to
>> "cyrus-imapd-2.4.13-1.el6.x86_64" using imapsync.
>> The login is through ldap but the problem is that I can not login
>> through admin user to the cyrus old version (2.2.12). It shows me the
>> following error:
>> "Error login: [192.168.1.5] with user [test-adm] auth [PLAIN]: 2 NO
>> encryption needed to use mechanism"
>>     S: L01 NO Login failed: authentication failure
>>     Authentication failed. generic failure
>>     Security strength factor: 0
>> I've created a test environment and there I have no problems as cyrus
>> i allowing auth plain.
>
>Do you have "allowplaintext: 1" in imapd.conf?  There is also
>"sasl_minimum_layer".

I've "allowplaintext: 1" defined, but I do not "sasl_minimum_layer" and I'm not sure about the value of this parameter.

>> #imtest -m plain 192.168.1.6 -a test-adm
>>     S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN
>> SASL-IR] cyrus3-test Cyrus IMAP v2.4.13-Invoca-RPM-2.4.13-1.el6 server
>> ready
>
>Are you authenticating via saslauthd [since you are using PLAIN]?  If so
>can you suceed with testsaslauthd -u .... ?

I can connect via testsaslauthd:
#testsaslauthd -u test-adm -p password
        0: OK "Success."


>> I've tried to configure old cyrus with the same parameters but it
>> doesn't work. I've added the following line to imapd.conf but nothing
>> change, I get the same response without AUTH=PLAIN
>>     sasl_mech_list: PLAIN
>
>Are you sude your LDAP connection is configured the same way?  [OpenLDAP
>uses the SSF concept too].  Perhaps you certificates are expired or
>misconfigured [permissions]?

I guess LDAP is correctly configured as new cyrus server is connecting to the same LDAP server and it works (I've no acces to LDAP configuration)

>> I don't know if I need to force plain login in saslauthd.conf as well,
>> or if there is some parameter that I should specify because in old
>> versions it's needed.


Manel Gimeno Zaragoza
magiza83 at hotmail.com
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120213/64599487/attachment.html

More information about the Info-cyrus mailing list