On Mon, 2005-07-11 at 16:55 -0400, Ken Murchison wrote: > Thomas Börnert wrote: > > > Yes, DIGEST-MD5 don't work too :-(. > > > > Why is it working with sasldb2 (auxprop) ? > > The mechanisms need the plaintext password (or plaintext equivalent) > stored in the auxprop backend.
Where is the patch availiable ??? Thanks -Thomas > The SQL auxprop that ships with SASL > will work correctly unless you've patched it to store encrypted > passwords, in which case the SQL auxprop will only work for plaintext > SASL mechanisms and plaintext authentication protocol commands. > > > > > There exists an patch for cyrus with auxprop/mysql. > > > > Have anyone tested it ? > > > > Thanks. > > > > -Thomas > > > > On Mon, 2005-07-11 at 08:19 -0400, Ken Murchison wrote: > > > >>Thomas Börnert wrote: > >> > >> > >>>hi list, > >>> > >>>ntlm with evolution or outlook isn't working: > >>> > >>>imap[17765]: badlogin: localhost.localdomain [127.0.0.1] NTLM [SASL > >>>(-13): authentication failure: incorrect NTLM response] > >>> > >>>i've found: if i use sasldb2 then it works. > >>> > >>>if i use the mysql setup below that it won't work :-(. > >> > >>Do CRAM-MD5 or DIGEST-MD5 work with mysql? > >> > >> > >> > >>>have anyone an idea ? > >> > >>My guess is that you are encrypting the passwords in your mysql > >>database, which will cause non-plaintext mechanisms like NTLM and > >>DIGEST-MD5 to fail. > >> > >> > >> > >>>my imapd.conf > >>><---------------------- snip -----------------------> > >>>configdirectory: /var/lib/imap > >>>#duplicatesuppression: 0 > >>>partition-default: /var/spool/imap > >>>admins: cyrus > >>>allowanonymouslogin: no > >>>autocreatequota: 1000000 > >>>quotawarn: 90 > >>>timeout: 30 > >>>poptimeout: 10 > >>>#popminpoll: 1 > >>>servername: pop.domain.net > >>>sievedir: /var/lib/imap/sieve > >>>sieve_maxscriptsize: 32 > >>>sieve_maxscripts: 5 > >>>sendmail: /usr/sbin/sendmail > >>>hashimapspool: true > >>>allowplaintext: yes > >>>sasl_pwcheck_method: saslauthd > >>>sasl_mech_list: LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5 > >>>tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem > >>>tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem > >>>tls_ca_file: /usr/share/ssl/certs/cyrus-imapd.pem > >>>sasl_sql_engine: mysql > >>>sasl_sql_hostnames: localhost > >>>sasl_sql_user: mail > >>>sasl_sql_passwd: secret > >>>sasl_sql_database: mail > >>>sasl_sql_select: select password from accountuser where username = '%u' > >>><---------------------- snip -----------------------> > >>> > >>>my cyrus.conf > >>><---------------------- snip -----------------------> > >>># standard standalone server implementation > >>> > >>>START { > >>> # do not delete this entry! > >>> recover cmd="ctl_cyrusdb -r" > >>> > >>> # this is only necessary if using idled for IMAP IDLE > >>> idled cmd="idled" > >>>} > >>> > >>># UNIX sockets start with a slash and are put into /var/lib/imap/sockets > >>>SERVICES { > >>> # add or remove based on preferences > >>> imap cmd="imapd" listen="[localhost]:imap" prefork=5 > >>> imaps cmd="imapd -s" listen="[localhost]:imaps" prefork=1 > >>> pop3 cmd="pop3d" listen="[pop]:pop3" prefork=3 > >>> pop3s cmd="pop3d -s" listen="[pop]:pop3s" prefork=1 > >>> sieve cmd="timsieved" listen="[localhost]:sieve" prefork=0 > >>> > >>> # at least one LMTP is required for delivery > >>># lmtp cmd="lmtpd" listen="[localhost]:lmtp" prefork=0 > >>> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 > >>> > >>> # this is only necessary if using notifications > >>># notify cmd="notifyd" listen="/var/lib/imap/socket/notify" > >>>proto="udp" prefork=1 > >>>} > >>> > >>>EVENTS { > >>> # this is required > >>> checkpoint cmd="ctl_cyrusdb -c" period=30 > >>> > >>> # this is only necessary if using duplicate delivery suppression > >>> delprune cmd="ctl_deliver -E 3" at=0400 > >>> > >>> # this is only necessary if caching TLS sessions > >>> tlsprune cmd="tls_prune" at=0400 > >>> > >>> # create SQUAT indexes for all mailboxes > >>> squatter cmd="/usr/lib/cyrus-imapd/squatter -r user.%" at=401 > >>> > >>>} > >>><---------------------- snip -----------------------> > >>> > >>>--- > >>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus > >>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > >>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > >>> > >> > > > > > > --- > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus > > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html