On Wednesday 19 November 2003 20:03, Ken Murchison wrote:
I'd like to disable plaintext auth at all.
Keep in mind that there is a difference between allowing plaintext authentication and allowing plaintext authentication mechanisms. You can enable plaintext authentication mechanisms (SASL PLAIN, IMAP LOGIN, POP3 USER/PASS) without allowing plaintext authentication by forcing the client to use SSL/TLS.
In fact, some older clients use nothing but plaintext authentication mechanisms.
I've changed the conf as you suggested to auxprop and t start to work FINE. THANK YOU som much. I shame of myself.....
If you already have an auxprop plugin populated with the user secrets, then this is the way to go.
Ilya Basin wrote:
Hi, I've spent a week trying to configure cyrus-imapd-2.1.15 to work with MS Outlook 2000 over TLS/SSL. I see no way to fix it... maybe I've missed something?
System:
Slackware 9.1 openssl-09.7c cyrus-imapd-cyrus-sasl-2.1.15 cyrus-imapd-2.1.15
compiled with no errors.
Mozilla Messanger, PINE - checked & work fine with it over port 993 MS Oultook -> (with the options [secure auth], work over SSL (port 993)) gives an error "CRAM-MD5 auth failed" IMAPD.log: #################################################### imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]
What kind of authentication do you want to do? Are you only going to allow plaintext auth mechanisms (via saslauthd), or do you want to allow shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?
The only way you will be able to use Outlook's SPA (NTLM) is to allow the user secrets to be stored in an auxprop backend, or to proxy the NTLM authentication to an NT/2K server.
My suggestion is to simply not use Outlook's SPA, since the authentication is already protected by SSL. Unchecking the SPA box should solve your problem.
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
