strange behaviour authenticating to IMAP server with squirrelmail

Merlin Hartley merlin at mrc-mbu.cam.ac.uk
Mon Oct 9 06:47:46 EDT 2017


Why would you want to? You are already using TLS, so what do you expect to gain?
plaintext+TLS

MD5 suffers from multiple inadequacies - so it seems pretty pointless to me.


M
--
Merlin Hartley
Computer Officer
MRC Mitochondrial Biology Unit
Cambridge, CB2 0XY
United Kingdom

> On 8 Oct 2017, at 21:21, Walter H. via Info-cyrus <info-cyrus at lists.andrew.cmu.edu> wrote:
> 
> Hello,
> 
> when setting in squirrelmail
> $imap_auth_mech = 'cram-md5';
> or
> $imap_auth_mech = 'digest-md5';
> then the following is logged in /etc/maillog
> 
> Oct  8 14:59:41 imap-host imaps[2042]: accepted connection
> Oct  8 14:59:41 imap-host imaps[2042]: imapd:Loading DH parameters from file
> Oct  8 14:59:41 imap-host imaps[2042]: SSL_accept() incomplete -> wait
> Oct  8 14:59:41 imap-host imaps[2042]: SSL_accept() succeeded -> done
> Oct  8 14:59:41 imap-host imaps[2042]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Oct  8 14:59:42 imap-host imaps[2042]: badlogin: host-running-squirrel [IPv6-running-squirrel] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
> 
> but, when setting in squirrelmail
> $imap_auth_mech = 'login';
> then the following is logged and it works ...
> 
> Oct  8 18:37:16 imap-host imaps[10530]: accepted connection
> Oct  8 18:37:16 imap-host imaps[10530]: imapd:Loading DH parameters from file
> Oct  8 18:37:16 imap-host imaps[10530]: SSL_accept() incomplete -> wait
> Oct  8 18:37:16 imap-host imaps[10530]: SSL_accept() succeeded -> done
> Oct  8 18:37:16 imap-host imaps[10530]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Oct  8 18:37:17 imap-host imaps[10530]: login: host-running-squirrel [IPv6-running-squirrel] walter plaintext+TLS User logged in
> 
> even /etc/imapd.conf is this:
> 
> allowanonymouslogin: no
> allowplaintext: no <--
> altnamespace: no
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> servername: storage.mail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt
> tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key
> tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt
> quotawarn: 95
> 
> sasldblistusers2 shows this:
> 
> cyrus at imap-host: userPassword
> 
> Why am I unable to use digest-md5 or cram-md5?
> Or: what do I have to do to use digest-md5?
> Adding a user with saslpasswd2?
> What is the 'appname'?
> 
> I'm using CentOS 6 and the RPM packages of CentOS
> 
> Thanks,
> Walter
> 
> 
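An added example, not part of either message: a Python check of which advertised SASL mechanisms have a verification path for a given user, consistent with the `no secret in database` failure for DIGEST-MD5 and the working LOGIN in the quoted log. It assumes Cyrus SASL's default sasldb secret store, ignores realms, and uses constructed samples reduced from the quoted configuration and `sasldblistusers2` output (with `@` restored from the archive's ` at `).

```python
# Added example (not from the thread). Assumes the default sasldb secret
# store and ignores realms for simplicity.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}

# Constructed samples, reduced from the configuration and output quoted above.
SAMPLE_CONF = """\
allowplaintext: no
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""
SAMPLE_SASLDB = "cyrus@imap-host: userPassword\n"

def parse_conf(text):
    """Parse imapd.conf 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def sasldb_users(listing):
    """User names in sasldblistusers2 output ('user@realm: userPassword')."""
    users = set()
    for line in listing.splitlines():
        entry, sep, prop = line.partition(":")
        if sep and prop.strip() == "userPassword":
            users.add(entry.strip().split("@", 1)[0])
    return users

def mech_status(conf, listing, user):
    """Map each advertised mechanism to whether `user` has a verification path."""
    has_secret = user in sasldb_users(listing)
    has_checker = bool(conf.get("sasl_pwcheck_method", "").split())
    status = {}
    for mech in conf.get("sasl_mech_list", "").upper().split():
        if mech in SHARED_SECRET_MECHS:
            # The server must read the stored secret to check the hashed
            # response; saslauthd only verifies a password it is handed.
            status[mech] = has_secret
        else:
            # PLAIN and LOGIN hand the password over, so pwcheck can verify it.
            status[mech] = has_checker
    return status

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for who in ("walter", "cyrus"):
        print(who, mech_status(conf, SAMPLE_SASLDB, who))
```
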