Re: lmtpd don't advertise the "EXTERNAL" auth method
On Mon, 24 Mar 2003, Balazs GAL wrote: > I use a backported version of debian's (thanks hmh) cyrus21 2.1.11-5 > package. > > My problem is that, lmtpd don't advertise the "EXTERNAL" auth method > on unix socket (neither on tcp). Because it, cyrdeliver (deliver) > can't use the AUTH parameter of the MAIL FROM command (see lmtp_runtxn in > lmtpengine.c), and because it, cyrdeliver (-a auth-id option) and the > mta can't provide the authenticated userid to cyrus. Every post > run as "anyone", so our users cant post to the shared folders etc etc. I'm unclear what the problem is here. Certainly I don't believe there is one with LMTPd (though perhaps there is one with cyrdeliver). Over TCP, you're going to need an external authentication source (e.g. TLS client cert) before you can advertise EXTERNAL as a SASL auth mech. On a unix socket, the connection is assumed to be preauthenticated as an admin, so you shouldn't need to authenticate at all (i.e. don't let non admins write to the unix socket!). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: lmtpd don't advertise the "EXTERNAL" auth method
On Mon, 24 Mar 2003, Balazs GAL wrote: > > I'm unclear what the problem is here. Certainly I don't believe there is > > one with LMTPd (though perhaps there is one with cyrdeliver). > > Sorry this was an old draft mail. (Evolution is buggy) > This was a sasl2 bug (as I can recollect sasl 2.1.9), > sasl2 upgrade solved the problem. > > > (though perhaps there is one with cyrdeliver). > > No, as you see I used socat, so this was not cyrdeliver's fault. I meant in its interpretation of what was going on. In any case, I'm glad its fixed. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: lmtpd don't advertise the "EXTERNAL" auth method
Please ignore my previous (old draft) mail. Evolution is little buggy. Sorry and Thanks. balsa
Re: lmtpd don't advertise the "EXTERNAL" auth method
2003-03-24, h keltezéssel Rob Siemborski ezt írta: > I'm unclear what the problem is here. Certainly I don't believe there is > one with LMTPd (though perhaps there is one with cyrdeliver). Sorry this was an old draft mail. (Evolution is buggy) This was a sasl2 bug (as I can recollect sasl 2.1.9), sasl2 upgrade solved the problem. > (though perhaps there is one with cyrdeliver). No, as you see I used socat, so this was not cyrdeliver's fault. balsa
Re: lmtpd don't advertise the "EXTERNAL" auth method
2003-01-06, h keltezéssel Balazs GAL ezt írta: > Hi! > > I use a backported version of debian's (thanks hmh) cyrus21 2.1.11-5 > package. > > My problem is that, lmtpd don't advertise the "EXTERNAL" auth method [...] > What's the solution? Can anybody reproduce it? > sasl_minimum_layer: 56 The problem is the sasl_minimum_layer option, e.g if I set it to 0, it works. I don't think, that this is the normal behavior of lmtpd, because it run on an "Preauthorized connection". I think that lmtpd should only care the sasl_minimum_layer option if it run on an NOT "Preauthorized connection" like a tcp port running without the '-a' cmdl option. So I think this is a bug here in cyrus 2.1.11. balsa