Kővári János wrote: > Kővári János wrote: >> >/ Postfix uses saslauthd, which is configured for PAM. It works >> />/ perfectly, with plain/login/cram/digest mechanisms, with or without >> />/ tls/ssl, absolutely no problems with it. Saslauth tests are all fine >> />/ obviously. >> />/ So I decided to use this with cyrus imap too. Set it to use the same >> />/ saslauth daemon, and plain, login, cram-md5 and digest-md5 mechs. >> />/ Since then, I can not login with plain or login mechs, because they >> />/ aren't being offered at all by cyrus imapd. I can login with cram or >> />/ digest fine. >> />/ I understand that plain login isn't offered by default, only after a >> />/ successfull tls session setup, but if I understand correctly, the >> />/ "allowplaintext: yes" option should still force imapd to offer plain >> />/ logins. But it doesn't. I tried it with different sasl_min|max_levels, >> />/ to no avail. >> / >> Please include the following information, so we can get a better idea of >> your setup: >> >> Postfix and Cyrus IMAP version >> Postfix SASL config: >> grep sasl main.cf >> cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf it located on >> your system) >> >> >> > Hello Dan, > > Postfix version: 2.5.4 > Cyrus IMAP version: 2.2.13 > > smtpd_sasl_auth_enable = yes > > /cat /etc/postfix/sasl/smtpd.conf/ > saslauthd_version: 2 > pwcheck_method: saslauthd > mech_list: plain login cram-md5 digest-md5 > > /cat /etc/imapd.conf/ > allowplaintext: yes > saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 > sasl_auto_transition: no > > /cat /etc/default/saslauthd/ > START=yes > PWDIR="/var/spool/postfix/var/run/saslauthd" > PARAMS="-m ${PWDIR}" > PIDFILE="${PWDIR}/saslauthd.pid" > MECHANISMS="pam" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" > /#(I think the options line is wrong, the -m part is unneded, but it > was like that, and it works...)/
The way that you have postfix configured, it will use saslauthd (only) for plain and login. It (via SASL) will use your auxprop store to authenticate the cram-md5 and digest-md5 mechanisms. I'm assuming that you have configured your users in /etc/sasldb2, since you are authenticating to imapd via digest-md5. 'allowplaintext: yes' should be all you need to support plain/login on an in-the-clear connection. Since they are being offered after a TLS connection, it's almost if there's a typo in your config for that command. also: saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux is a typo in /etc/imapd.conf. It should be: sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux For trouble shooting, you might want to comment out 'sasl_pwcheck_method: saslauthd', which will direct imapd to use all available pw_check methods (including auxprop) for plain/login. - Dan ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html