Dan White írta: > Kővári János wrote: >> Kővári János wrote: >>> >/ Postfix uses saslauthd, which is configured for PAM. It works />/ >>> perfectly, with plain/login/cram/digest mechanisms, with or without >>> />/ tls/ssl, absolutely no problems with it. Saslauth tests are all >>> fine />/ obviously. >>> />/ So I decided to use this with cyrus imap too. Set it to use the >>> same />/ saslauth daemon, and plain, login, cram-md5 and digest-md5 >>> mechs. >>> />/ Since then, I can not login with plain or login mechs, because >>> they />/ aren't being offered at all by cyrus imapd. I can login >>> with cram or />/ digest fine. >>> />/ I understand that plain login isn't offered by default, only >>> after a />/ successfull tls session setup, but if I understand >>> correctly, the />/ "allowplaintext: yes" option should still force >>> imapd to offer plain />/ logins. But it doesn't. I tried it with >>> different sasl_min|max_levels, />/ to no avail. >>> / >>> Please include the following information, so we can get a better >>> idea of your setup: >>> >>> Postfix and Cyrus IMAP version >>> Postfix SASL config: >>> grep sasl main.cf >>> cat /etc/postfix/sasl/smtpd.conf (or wherever smtpd.conf it >>> located on your system) >>> >>> >>> >> Hello Dan, >> >> Postfix version: 2.5.4 >> Cyrus IMAP version: 2.2.13 >> >> smtpd_sasl_auth_enable = yes >> >> /cat /etc/postfix/sasl/smtpd.conf/ >> saslauthd_version: 2 >> pwcheck_method: saslauthd >> mech_list: plain login cram-md5 digest-md5 >> >> /cat /etc/imapd.conf/ >> allowplaintext: yes >> saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux >> sasl_pwcheck_method: saslauthd >> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 >> sasl_auto_transition: no >> >> /cat /etc/default/saslauthd/ >> START=yes >> PWDIR="/var/spool/postfix/var/run/saslauthd" >> PARAMS="-m ${PWDIR}" >> PIDFILE="${PWDIR}/saslauthd.pid" >> MECHANISMS="pam" >> MECH_OPTIONS="" >> THREADS=5 >> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" >> /#(I think the options line is wrong, the -m part is unneded, but it >> was like that, and it works...)/ > > > The way that you have postfix configured, it will use saslauthd (only) > for plain and login. It (via SASL) will use your auxprop store to > authenticate the cram-md5 and digest-md5 mechanisms. I'm assuming that > you have configured your users in /etc/sasldb2, since you are > authenticating to imapd via digest-md5. yes, I was using sasldb2 until recently, so the database is set up and still there. > 'allowplaintext: yes' should be all you need to support plain/login on > an in-the-clear connection. Since they are being offered after a TLS > connection, it's almost if there's a typo in your config for that > command. Hmmm, I see no typo there. > also: > > saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux > > is a typo in /etc/imapd.conf. It should be: > > sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux Thanks! > For trouble shooting, you might want to comment out > 'sasl_pwcheck_method: saslauthd', which will direct imapd to use all > available pw_check methods (including auxprop) for plain/login. > > - Dan I did that too. When it's commented out, the plain and login methods are still not being offered, but neither cram nor digest! And I can not login at all. Doesn't accept any passwords. So I reverted it to saslauthd.
Regards, Janos ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html