Re: [SOGo] SOGo2.0 RC1. Secure Cyrus imapd configuration (sasl_pwcheck_method)
Dear Marc, Am Donnerstag, den 12.04.2012, 14:13 +0200 schrieb Marc Patermann: > Michael, > > Michael Wallner (sogo) schrieb (12.04.2012 13:17 Uhr): > > > imapd.conf: > > sasl_pwcheck_method: saslauthdfor any host but localhost > > or > > sasl_pwcheck_method: alwaystrue for localhost > > > > > > So has any reader find a way to implement this securely? > I think the following should work: > - define different services in cyrus.conf for localhost and the public >interface "listen="; like imap and imaplocal > - set sasl_pwcheck_method: alwaystrue for your localhost service with >imaplocal_sasl_pwcheck_method: alwaystrue. > > http://www.irbs.net/internet/info-cyrus/0810/0152.html > > If you have further questions, I think your problem is better suited at > info-cy...@lists.andrew.cmu.edu. > > Marc Thank you, this was the solution! -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] SOGo2.0 RC1. Secure Cyrus imapd configuration (sasl_pwcheck_method)
First of all my congratulations for the first rc! We are working on an step by step howto for SOGo 2.0 and are stuck on this question: has anyone found an solution for this problem using cyrus imapd and sogo 2.0 RC1? SOGo Native Microsoft Outlook Configuration.pdf: "...Important note: the mode of authentication in use by Windows with Samba and Exchange servers prevent the backend from actually knowing the real password being used by the user. This implies that the IMAP server configured for use by the SOGo backend must accept any password from the host on which Samba is running. Due to the different type of IMAP servers, it is left to the reader to find a way to implement this securely in her/his installation. ©." So what is needed is an SASL pwcheck over LDAP for any host but localhost and SASL pwcheck alwaystrue for localhost. imapd.conf: sasl_pwcheck_method: saslauthdfor any host but localhost or sasl_pwcheck_method: alwaystrue for localhost So has any reader find a way to implement this securely? Thanks in advance and best regards Michael Wallner -- users@sogo.nu https://inverse.ca/sogo/lists