Re: What to use when no AUTH=
On Mon, 2003-07-14 at 04:39, Ken Murchison wrote:
> Nope, I use Sendmail. I don't understand why people have such a hard
> time setting up SASL. If you use either sasldb2 or saslauthd, it's
> trivial. If you use MySQL or LDAP (which I've never tried), it gets a
> little more complicated.

Actually, LDAP was a good deal easier to configure with 1.5.24 due to the permissions problems people had with non-root servers (Cyrus and Postfix) reading /etc/shadow.

I mention 1.5.24 as if it were relevant because it's the last release certain large Linux distributors released before going to 2, and many of us, it seems, still have servers based on that. I'm only now getting around to upgrading to 2 & 1.5.27 to use saslauthd, which makes the whole permissions problem simple.

People also often seem to be confused as to where to put the various configuration parameters--it can be in the application's config file ('sasl_pwcheck_method' in /etc/imapd.conf) or in the SASL lib dir ('pwcheck_method' in /usr/lib/sasl/Cyrus.conf or is it imapd.conf?).

Wil
--
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
* * * * * * Linux Services for Small Businesses * * * * * *
* Easy, reliable solutions for small businesses *
* Naked Ape Business Server http://nakedape.cc/r/sms *
Re: What to use when no AUTH=
On Mon, 14 Jul 2003, Roman Neuhauser wrote:
> better documented, and I got to avoid SASL:
>
> http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=sasl+vulnerability&btnG=Google+Search

Of course, the vulnerability you're mentioning here was fixed immediately after it was announced.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: What to use when no AUTH=
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-07-13 09:39:53 -0400:
>> Roman Neuhauser wrote:
>>> # [EMAIL PROTECTED] / 2003-07-01 10:25:29 -0400:
>>>> Since I've heard bad things about Courier's standards compliance, I
>>>
>>> Care to share some details?
>>
>> Do a google groups search for the keywords "courier imap compliance" or
>> a search for "courier" where the author is "[EMAIL PROTECTED]" and
>> you should get a handful of hits.
>
> # [EMAIL PROTECTED] / 2003-07-13 09:55:10 -0400:
>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=Pine.LNX.4.50.0206050910320.6814-10%40shiva0.cac.washington.edu
>
> Well, MrSam's reaction to Crispin's complaints is somewhat

Actually, Sam has publicly stated numerous times that some of his code is non-compliant because he doesn't agree with the spec, and therefore won't change it. AFAIK, he has never taken part in any working group discussion on IMAP, which is where he should address these issues. Violating a spec after it's been written isn't the way to go about voicing your complaints.

> unfortunate even if he has my sympathy.
>
> While we're pointing fingers: although I intended to switch to Cyrus
> (for unrelated reasons) I ended up installing another Courier-IMAPd:
> much easier, better documented, and I got to avoid SASL:
>
> http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=sasl+vulnerability&btnG=Google+Search

Cyrus, and no other decent software package that I know of, still _depends_ on SASL v1.5.x. AFAIK, development of this version has stopped, although there have been bugfixes in CVS.

> BTW, is anyone of you on [EMAIL PROTECTED]
> http://marc.theaimsgroup.com/?t=10568791511&r=1&w=2

Nope, I use Sendmail. I don't understand why people have such a hard time setting up SASL. If you use either sasldb2 or saslauthd, it's trivial. If you use MySQL or LDAP (which I've never tried), it gets a little more complicated.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: What to use when no AUTH=
# [EMAIL PROTECTED] / 2003-07-13 09:39:53 -0400:
> Roman Neuhauser wrote:
> ># [EMAIL PROTECTED] / 2003-07-01 10:25:29 -0400:
> >
> >>Since I've heard bad things about Courier's standards compliance, I
> >
> >Care to share some details?
>
> Do a google groups search for the keywords "courier imap compliance" or
> a search for "courier" where the author is "[EMAIL PROTECTED]" and
> you should get a handful of hits.

# [EMAIL PROTECTED] / 2003-07-13 09:55:10 -0400:
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=Pine.LNX.4.50.0206050910320.6814-10%40shiva0.cac.washington.edu

Well, MrSam's reaction to Crispin's complaints is somewhat unfortunate even if he has my sympathy.

While we're pointing fingers: although I intended to switch to Cyrus (for unrelated reasons) I ended up installing another Courier-IMAPd: much easier, better documented, and I got to avoid SASL:

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=sasl+vulnerability&btnG=Google+Search

BTW, is anyone of you on [EMAIL PROTECTED]
http://marc.theaimsgroup.com/?t=10568791511&r=1&w=2

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
Re: What to use when no AUTH=
On Sun, 13 Jul 2003, Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-07-01 10:25:29 -0400:
> > Since I've heard bad things about Courier's standards compliance, I
>
> Care to share some details?

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=Pine.LNX.4.50.0206050910320.6814-10%40shiva0.cac.washington.edu

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
Re: What to use when no AUTH=
Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-07-01 10:25:29 -0400:
>> Since I've heard bad things about Courier's standards compliance, I
>
> Care to share some details?

Do a google groups search for the keywords "courier imap compliance" or a search for "courier" where the author is "[EMAIL PROTECTED]" and you should get a handful of hits.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
Re: What to use when no AUTH=
# [EMAIL PROTECTED] / 2003-07-01 10:25:29 -0400:
> Since I've heard bad things about Courier's standards compliance, I

Care to share some details?

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
Re: What to use when no AUTH=
On Tue, Jul 01, 2003 at 10:25:29AM -0400, Rob Siemborski wrote:
>
> Since I've heard bad things about Courier's standards compliance, I
> can't advocate its use in any way.

Don't worry, this is for copying *from* Courier *to* Cyrus :-)

> In this case, though, you have to use the plaintext IMAP LOGIN command
> (doesn't imtest show what it's doing as you log in?).

Ah yes..

S: A01 OK AUTHENTICATE completed      from cyrus
S: L01 OK LOGIN Ok.                   from courier

Thank you!

Patrick
Re: What to use when no AUTH=
> S: * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES SORT

> What mechanism is it using? What is the right thing to do?

The IMAP4 LOGIN command, I'd expect. When there's no AUTH= offered, I'd say that's the only thing to do, and pray that you're using SSL/TLS.

--
Chris Hilts
[EMAIL PROTECTED]
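
Added example (not part of any message in this thread, and not Cyrus or Courier code): the client-side decision the replies describe, parsing CAPABILITY for AUTH= mechanisms and falling back to the IMAP LOGIN command only when the link is protected. It goes slightly beyond the thread by also honoring the standard STARTTLS and LOGINDISABLED capabilities; the function names and the WITH_AUTH sample response are constructed for illustration.

```python
# Added example; names are hypothetical. COURIER is the CAPABILITY line quoted
# in the thread; WITH_AUTH is a constructed sample response.
COURIER = ("* CAPABILITY IMAP4rev1 CHILDREN NAMESPACE "
           "THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT")
WITH_AUTH = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5] ready"

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself


def parse_capability(line):
    """Split a CAPABILITY response (or [CAPABILITY ...] response code)
    into (sasl_mechanisms, other_capabilities)."""
    text = line.strip()
    idx = text.upper().find("CAPABILITY")
    if idx < 0:
        raise ValueError("no CAPABILITY data in response")
    rest = text[idx + len("CAPABILITY"):]
    if "[" in text[:idx]:              # response code: stop at the closing bracket
        rest = rest.split("]", 1)[0]
    mechs, caps = [], set()
    for atom in rest.upper().split():  # capability names are case-insensitive
        if atom.startswith("AUTH=") and len(atom) > 5:
            mechs.append(atom[5:])
        else:
            caps.add(atom)
    return mechs, caps


def choose_auth(line, tls_active, allow_cleartext=False):
    """Return (action, mechlist); action is SASL, STARTTLS, LOGIN or REFUSE."""
    mechs, caps = parse_capability(line)
    if not tls_active and not allow_cleartext:
        # Never offer password-equivalent mechanisms on an unencrypted link.
        mechs = [m for m in mechs if m not in CLEARTEXT_MECHS]
    if mechs:
        return ("SASL", mechs)
    if not tls_active and "STARTTLS" in caps:
        return ("STARTTLS", [])        # upgrade, then re-read CAPABILITY
    if "LOGINDISABLED" in caps:
        return ("REFUSE", [])          # server forbids the LOGIN command
    if tls_active or allow_cleartext:
        return ("LOGIN", [])           # the fallback the replies describe
    return ("REFUSE", [])
```

With the Courier response from the thread, the result is LOGIN over TLS and REFUSE on a cleartext connection unless the caller explicitly opts in.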
Re: What to use when no AUTH=
On Tue, 1 Jul 2003, Patrick Welche wrote:
> When connecting to imap servers with sasl, I thought the plan was to
> parse the capability string and add any AUTH= to the mechlist. This
> was fine for cyrus :) and UW, but pointing my code at Courier, I
> get
>
> S: * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES
> SORT
> ...
>
> Now, I am missing something, because cyrus' imtest connects with no problem.
> What mechanism is it using? What is the right thing to do?

Since I've heard bad things about Courier's standards compliance, I can't advocate its use in any way.

In this case, though, you have to use the plaintext IMAP LOGIN command (doesn't imtest show what it's doing as you log in?).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
What to use when no AUTH=
When connecting to imap servers with sasl, I thought the plan was to parse the capability string and add any AUTH= to the mechlist. This was fine for cyrus :) and UW, but pointing my code at Courier, I get

S: * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
...

Now, I am missing something, because cyrus' imtest connects with no problem. What mechanism is it using? What is the right thing to do?

Cheers,

Patrick