Hi,
On Wed, Feb 15, 2012 at 7:26 PM, Eric Shubert <e...@shubes.net> wrote:
> The other impact will be the elimination of cram-md5 as an authentication
> option. While this doesn't really make QMT any less secure, it might mean
> that some clients that were formerly configured to use cram-md5 would fail
> to work until their configuration options were changed.
Related to this:
On my another recently new qmailtoaster server I noticed the following
after updating packages with yum:
Feb 11 12:52:02 Updated: 1:dovecot-2.0.17-1.qtp.i386
Feb 11 12:52:30 Updated: qmail-toaster-1.03-1.3.21.i686
Feb 11 12:53:07 Updated: qmailtoaster-plus-0.3.2-1.4.17.noarch
I had disabled cram-md5 from the server (as I had had issues with it
on my other toaster running Horde). in /etc/dovecot/toaster.conf:
auth_mechanisms = plain login digest-md5
But after the update logins to Squirrelmail no longer worked, this was
the error given by Squirrelmail:
ERROR:
Bad request: IMAP server does not appear to support the authentication
method selected. Please contact your system administrator.
And in dovecot.log I saw:
Feb 16 23:31:04 imap-login: Info: Disconnected (tried to use
unsupported auth mechanism): method=CRAM-MD5, rip=127.0.0.1,
lip=127.0.0.1, secured
What I have in /etc/squirrelmail/config.php is:
$imap_auth_mech = 'login';
$use_imap_tls = false;
Now I am puzzled as I had the same config in dovecot/squirrelmail
before the update and things worked ok.
Here is what I see in the dovecot.log with the old version when
logging in via Squirrelmail:
Feb 16 23:40:33 imap-login: Info: Aborted login (auth failed, 1
attempts): user=<pe...@mydomain.tld>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
So no cram-md5 there.... So the situation seems to be:
* with dovecot-2.0.11-2.qtp + qmail-toaster-1.03-1.3.20 Squirrelmail
works ok without cram-md5, Horde does not work without cram-md5
* with dovecot-2.0.17-1.qtp.i386 + qmail-toaster-1.03-1.3.21.i686
Squirrelmail does not work without cram-md5, situation of Horde with
this combo is unknown to me
Has anyone any ideas why Squirrelmail started using cram-md5 after the update?
Best,
Peter
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
