Allow PLAIN login cyrus 2.2.12
Manel Gimeno Zaragozá
magiza83 at hotmail.com
Mon Feb 13 10:02:01 EST 2012
Hello,
I've tried adding "asterisk" lines but nothing changes:
=====imapd.conf====
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
*sasl_minimum_layer: 0
=====saslauthd.conf=====
ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
ldap_search_base: ou=pre_test,dc=org
ldap_bind_dn: cn=admin
ldap_password: password
ldap_scope: sub
ldap_filter: (|(cn=%U@%d)(uid=%u))
*ldap_auth_method: plain
I'm still not able to log in#
#imtest -m plain 192.168.1.5 -a test-adm
S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
[Server did not advertise AUTH=PLAIN]
Authentication failed. generic failure
Security strength factor: 0
Regards.
Manel Gimeno Zaragoza
magiza83 at hotmail.com
From: magiza83 at hotmail.com
To: awilliam at whitemice.org; info-cyrus at lists.andrew.cmu.edu
Subject: RE: Allow PLAIN login cyrus 2.2.12
Date: Mon, 13 Feb 2012 12:55:27 +0100
Hello,
I've noticed that if I do imtest from remote host I get different exit:
#imtest -m plain 192.168.1.5 -a cyrus
S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
[Server did not advertise AUTH=PLAIN]
Authentication failed. generic failure
Security strength factor: 0
Anyway I answer your questions underline.
>> I'm trying to migrate mailbox from "cyrus-imapd-2.2.12-19" to
>> "cyrus-imapd-2.4.13-1.el6.x86_64" using imapsync.
>> The login is through ldap but the problem is that I can not login
>> through admin user to the cyrus old version (2.2.12). It shows me the
>> following error:
>> "Error login: [192.168.1.5] with user [test-adm] auth [PLAIN]: 2 NO
>> encryption needed to use mechanism"
>> S: L01 NO Login failed: authentication failure
>> Authentication failed. generic failure
>> Security strength factor: 0
>> I've created a test environment and there I have no problems as cyrus
>> i allowing auth plain.
>
>Do you have "allowplaintext: 1" in imapd.conf? There is also
>"sasl_minimum_layer".
I've "allowplaintext: 1" defined, but I do not "sasl_minimum_layer" and I'm not sure about the value of this parameter.
>> #imtest -m plain 192.168.1.6 -a test-adm
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN
>> SASL-IR] cyrus3-test Cyrus IMAP v2.4.13-Invoca-RPM-2.4.13-1.el6 server
>> ready
>
>Are you authenticating via saslauthd [since you are using PLAIN]? If so
>can you suceed with testsaslauthd -u .... ?
I can connect via testsaslauthd:
#testsaslauthd -u test-adm -p password
0: OK "Success."
>> I've tried to configure old cyrus with the same parameters but it
>> doesn't work. I've added the following line to imapd.conf but nothing
>> change, I get the same response without AUTH=PLAIN
>> sasl_mech_list: PLAIN
>
>Are you sude your LDAP connection is configured the same way? [OpenLDAP
>uses the SSF concept too]. Perhaps you certificates are expired or
>misconfigured [permissions]?
I guess LDAP is correctly configured as new cyrus server is connecting to the same LDAP server and it works (I've no acces to LDAP configuration)
>> I don't know if I need to force plain login in saslauthd.conf as well,
>> or if there is some parameter that I should specify because in old
>> versions it's needed.
Manel Gimeno Zaragoza
magiza83 at hotmail.com
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120213/fd9f1c31/attachment-0001.html
More information about the Info-cyrus
mailing list