Allow PLAIN login cyrus 2.2.12

Manel Gimeno Zaragozá magiza83 at hotmail.com
Tue Feb 14 06:51:29 EST 2012 

Hello,

Adding your "hack" it works! Now I can login:

=====imapd.conf========
imap            cmd="imapd -p 256" listen="imap"
====================

#imtest -m plain 192.168.65.130 -a test-adm
S: * OK IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN AGN5cnVzAGN5cnVzMDE=
S: A01 OK Success (no protection)
Authenticated.
Security strength factor: 0

Thanks a lot!

Regards.

Manel Gimeno Zaragoza
magiza83 at hotmail.com


> Date: Mon, 13 Feb 2012 14:32:21 -0600
> From: dwhite at olp.net
> To: magiza83 at hotmail.com
> CC: info-cyrus at lists.andrew.cmu.edu; awilliam at whitemice.org
> Subject: Re: Allow PLAIN login cyrus 2.2.12
> 
> On 02/13/12 17:22 +0100, Manel Gimeno Zaragozá wrote:
> >
> >Hello,
> >
> >I've execute testsaslauthd as cyrus user a it's OK
> >
> >[root log]# su - cyrus
> >[cyrus1 ~]$ /usr/sbin/testsaslauthd -u test-adm -p password
> >0: OK "Success."
> >
> >On the other hand, I've done some test and I've execute imtest getting the following:
> >
> ># imtest -m plain 192.168.65.130 -a cyrus
> >S: * OK Datadec-Online Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-19 server ready
> >C: C01 CAPABILITY
> >S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> >NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> >BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> >LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> >S: C01 OK Completed
> >C: A01 AUTHENTICATE PLAIN
> >S: A01 NO encryption needed to use mechanism
> >Authentication failed. generic failure
> >Security strength factor: 0
> >. login test-adm password
> >. OK User logged in
> >C: Q01 LOGOUT
> >Connection closed.
> >
> >
> >=========log==============
> >
> >Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 2
> >
> >Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: accepted connection
> >
> >Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: telling master 3
> >
> >Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in READY state: now unavailable and in BUSY state
> >
> >Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers
> >
> >Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 pid 29801 in BUSY state: now serving connection
> >
> >Feb 13 17:16:02 srv-vln-pre1 master[24579]: service imap1 now has 1 ready workers
> >
> >*Feb 13 17:16:02 srv-vln-pre1 imap1[29801]: badlogin:
> >xmlfrwk.pre.datadec-online.com [192.168.65.130] PLAIN [SASL(-16):
> >encryption needed to use mechanism: security flags do not match
> >required]
> >
> >*Feb 13 17:16:11 srv-vln-pre1 imap1[29801]: login:
> >xmlfrwk.pre.datadec-online.com [192.168.65.130] test-adm plaintext User
> >logged in
> >
> >==========================
> >
> >
> >
> >As you can see on the first try I get "badlogin" but when I try ". login
> >test-adm password" I'm able to log in.
> 
> In the first case you are authenticating using SASL PLAIN, with user
> 'cyrus', and in the second case you are authenticating using the
> login/pass with user 'test-adm', which is an apples to oranges
> comparison.
> 
> It would be better to use 'imtest -m login -a cyrus <ip>' (which should perform
> login/pass authentication) and compare that to 'imtest -m login -a
> test-adm <ip>', and then compare the two with '-m plain'.
> 
> 'encryption needed to use mechanism: security flags do not match required'
> seems to indicate that you need to specify:
> 
> sasl_minimum_layer: 0
> 
> but you said you already tried that. A hack to get this to work would be to
> tell imapd that it's operating under an external security layer. In
> /etc/cyrus.conf, you could modify your imapd line(s) to include '-p 256',
> e.g.:
> 
> imap            cmd="imapd -p 256" listen="imap"
> 
> See the manpage for imapd(8).
> 
> -- 
> Dan White
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20120214/848c29eb/attachment.html

More information about the Info-cyrus mailing list