auxprop ldapdb

2012-08-28 Thread zorg
Hello,
the documentation is not very clear to me.
If I want to use auxprop with ldapdb,
do I have to store my user password in clear in LDAP, or is there another
solution?

For the moment I'm using saslauthd.conf, but I wonder if I can use
auxprop to be more secure.

Thanks

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


Re: auxprop ldapdb

2012-08-28 Thread Marc Patermann
zorg,

zorg wrote (28.08.2012 12:46):

> the documentation is not very clear to me.
> If I want to use auxprop with ldapdb,
> do I have to store my user password in clear in LDAP, or is there another
> solution?

You don't have to store the password in cleartext.
But you cannot use shared secret mechanisms with hashed passwords IMHO, 
but this is not special to ldapdb.


Marc
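
Added example (not part of the original thread and not Cyrus SASL code): why a salted hash in the directory is enough for PLAIN but not for a shared-secret mechanism such as CRAM-MD5. The {SSHA} storage format, the function names, and the password, salt and challenge values are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """LDAP-style salted hash: {SSHA} + base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_plain(stored: str, presented: bytes) -> bool:
    """PLAIN/LOGIN: the client sends the password, so the server can re-hash it."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(candidate, digest)

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """CRAM-MD5 (RFC 2195): 'user ' + hex(HMAC-MD5(key=secret, msg=challenge))."""
    mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return user.encode() + b" " + mac.encode()

def verify_cram_md5(user: str, server_secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """The server recomputes the HMAC, so it needs the secret the client used."""
    expected = cram_md5_response(user, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"userpassword"                          # constructed sample value
    stored = make_ssha(password, b"\x01\x02\x03\x04")   # what the directory holds
    challenge = b"<1896.697170952@mail.example.org>"    # constructed challenge
    response = cram_md5_response("user", password, challenge)  # client side
    return {
        # Server holds only the hash, client sends the password: works.
        "plain_against_hash": verify_plain(stored, password),
        # Server holds the cleartext secret: the HMAC matches.
        "cram_against_cleartext": verify_cram_md5("user", password, challenge, response),
        # Server holds only the hash: it cannot reproduce the client's HMAC.
        "cram_against_hash": verify_cram_md5("user", stored.encode(), challenge, response),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because PLAIN puts the password itself on the wire, it should only be offered over TLS.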



AUTHENTICATE PLAIN and authz

2012-08-28 Thread k...@rice.edu
Hi Cyrus community,

I am having a problem getting AUTHN/AUTHZ to work with a Cyrus
privileged user. It fails to authenticate. Using LOGIN it works
but that does not allow you to proxy. I have the account listed
in proxyservers:

imapd.conf-
proxyservers: bigadmin
imapd.conf-

Then with telnet:

1 AUTHENTICATE PLAIN
+
base64{bigadmin\0bigadmin\0bigadminpassword}
1 NO authentication failure

2 LOGIN bigadmin bigadminpassword
2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN 
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN 
LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in

This works fine with a normal user:

1 AUTHENTICATE PLAIN
+
base64{user\0user\0userpassword}
1  OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE 
ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME 
UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED 
URLAUTH] Success (tls protection)


Does anyone have any ideas about how to debug this problem?

Thank you,
Ken



Re: AUTHENTICATE PLAIN and authz

2012-08-28 Thread Dan White
On 08/28/12 10:09 -0500, k...@rice.edu wrote:
> Hi Cyrus community,
>
> I am having a problem getting AUTHN/AUTHZ to work with a Cyrus
> privileged user. It fails to authenticate. Using LOGIN it works
> but that does not allow you to proxy. I have the account listed
> in proxyservers:
>
> imapd.conf-
> proxyservers: bigadmin
> imapd.conf-
>
> Then with telnet:
>
> 1 AUTHENTICATE PLAIN
> +
> base64{bigadmin\0bigadmin\0bigadminpassword}
> 1 NO authentication failure
>
> 2 LOGIN bigadmin bigadminpassword
> 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN 
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS 
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ 
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN 
> LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in

Verify that your sasl_minimum_layer is set to 0 in this scenario. The
second login isn't technically a sasl authentication, and I don't know if
sasl_minimum_layer applies to it. What do you see in syslog?

Also try using imtest.

> This works fine with a normal user:
>
> 1 AUTHENTICATE PLAIN
> +
> base64{user\0user\0userpassword}
> 1  OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE 
> ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME 
> UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED 
> URLAUTH] Success (tls protection)

You performed tls in this scenario, which makes me wonder if it's a network
protection issue.

-- 
Dan White
