Allow PLAIN login cyrus 2.2.12

Manel Gimeno Zaragozá magiza83 at hotmail.com
Mon Feb 13 10:02:01 EST 2012 

Hello,

I've tried adding "asterisk" lines but nothing changes:

=====imapd.conf====
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
*sasl_minimum_layer:  0

=====saslauthd.conf=====
ldap_servers: ldap://ldap.ldaptest.com:389/ ldap://srv-ln-repli1.ldaptest:389/
ldap_search_base: ou=pre_test,dc=org
ldap_bind_dn: cn=admin
ldap_password: password
ldap_scope: sub
ldap_filter: (|(cn=%U@%d)(uid=%u))
*ldap_auth_method: plain

I'm still not able to log in#

#imtest -m plain 192.168.1.5 -a test-adm
      S: * OK Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
      C: C01 CAPABILITY
      S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT       THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
      S: C01 OK Completed
      [Server did not advertise AUTH=PLAIN]
      Authentication failed. generic failure
      Security strength factor: 0

Regards.

Manel Gimeno Zaragoza
magiza83 at hotmail.com


From: magiza83 at hotmail.com
To: awilliam at whitemice.org; info-cyrus at lists.andrew.cmu.edu
Subject: RE: Allow PLAIN login cyrus 2.2.12
Date: Mon, 13 Feb 2012 12:55:27 +0100







Hello,

I've noticed that if I do imtest from remote host I get different exit:

#imtest -m plain 192.168.1.5 -a cyrus
        S: * OK  Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
        C: C01 CAPABILITY
        S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
        S: C01 OK Completed
        [Server did not advertise AUTH=PLAIN]
        Authentication failed. generic failure
        Security strength factor: 0

Anyway I answer your questions underline.

>> I'm trying to migrate mailbox from "cyrus-imapd-2.2.12-19" to
>> "cyrus-imapd-2.4.13-1.el6.x86_64" using imapsync.
>> The login is through ldap but the problem is that I can not login
>> through admin user to the cyrus old version (2.2.12). It shows me the
>> following error:
>> "Error login: [192.168.1.5] with user [test-adm] auth [PLAIN]: 2 NO
>> encryption needed to use mechanism"
>>     S: L01 NO Login failed: authentication failure
>>     Authentication failed. generic failure
>>     Security strength factor: 0
>> I've created a test environment and there I have no problems as cyrus
>> i allowing auth plain.
>
>Do you have "allowplaintext: 1" in imapd.conf?  There is also
>"sasl_minimum_layer".

I've "allowplaintext: 1" defined, but I do not "sasl_minimum_layer" and I'm not sure about the value of this parameter.

>> #imtest -m plain 192.168.1.6 -a test-adm
>>     S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN
>> SASL-IR] cyrus3-test Cyrus IMAP v2.4.13-Invoca-RPM-2.4.13-1.el6 server
>> ready
>
>Are you authenticating via saslauthd [since you are using PLAIN]?  If so
>can you suceed with testsaslauthd -u .... ?

I can connect via testsaslauthd:
#testsaslauthd -u test-adm -p password
        0: OK "Success."


>> I've tried to configure old cyrus with the same parameters but it
>> doesn't work. I've added the following line to imapd.conf but nothing
>> change, I get the same response without AUTH=PLAIN
>>     sasl_mech_list: PLAIN
>
>Are you sude your LDAP connection is configured the same way?  [OpenLDAP
>uses the SSF concept too].  Perhaps you certificates are expired or
>misconfigured [permissions]?

I guess LDAP is correctly configured as new cyrus server is connecting to the same LDAP server and it works (I've no acces to LDAP configuration)

>> I don't know if I need to force plain login in saslauthd.conf as well,
>> or if there is some parameter that I should specify because in old
>> versions it's needed.


Manel Gimeno Zaragoza
magiza83 at hotmail.com
 		 	   		  

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120213/fd9f1c31/attachment-0001.html

More information about the Info-cyrus mailing list