auxprop ldapdb
Hello the documentation is not very clear to me If I want to use auxprop with ldapdb Do i have to store my user password in clear in ldap or is the another solution For the moment I m using saslauthd.conf but I wonder if I can use auxprop to be more secure Thanks Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: auxprop ldapdb
zorg, zorg schrieb (28.08.2012 12:46 Uhr): the documentation is not very clear to me If I want to use auxprop with ldapdb Do i have to store my user password in clear in ldap or is the another solution You don't have to store the password in cleartext. But you cannot use shared secret mechanisms with hashed passwords IMHO, but this is not special to ldapdb. Marc Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
AUTHENTICATE PLAIN and authz
Hi Cyrus community, I am having a problem getting AUTHN/AUTHZ to work with a cyrus priviledged user. It fails to authenticate. Using LOGIN it works but that does not allow you to proxy. I have the account listed in proxyservers: imapd.conf- proxyservers: bigadmin imapd.conf- Then with telnet: 1 AUTHENTICATE PLAIN + base64{bigadmin\0bigadmin\0bigadminpassword} 1 NO authentication failure 2 LOGIN bigadmin bigadminpassword 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in This works fine with a normal user: 1 AUTHENTICATE PLAIN + base64{user\0user\0userpassword} 1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] Success (tls protection) Does anyone have any ideas about how to debug this problem? Thank you, Ken Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: AUTHENTICATE PLAIN and authz
On 08/28/12 10:09 -0500, k...@rice.edu wrote: Hi Cyrus community, I am having a problem getting AUTHN/AUTHZ to work with a cyrus priviledged user. It fails to authenticate. Using LOGIN it works but that does not allow you to proxy. I have the account listed in proxyservers: imapd.conf- proxyservers: bigadmin imapd.conf- Then with telnet: 1 AUTHENTICATE PLAIN + base64{bigadmin\0bigadmin\0bigadminpassword} 1 NO authentication failure 2 LOGIN bigadmin bigadminpassword 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in Verify that your sasl_minimum_layer is set to 0 in this scenario. The second login isn't technically a sasl authentication, and I don't know if sasl_minimum_layer applies to it. What do you see in syslog? Also try using imtest. This works fine with a normal user: 1 AUTHENTICATE PLAIN + base64{user\0user\0userpassword} 1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED URLAUTH] Success (tls protection) You performed tls in this scenario, which makes me wonder if it's a network protection issue. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus