Hi Ken!
> What works? SASL PLAIN, or IMAP LOGIN command?
You got me ... I think I was not aware of the difference between the LOGIN and
AUTHENTICATE IMAP commands. I'll do my RFC reading. In the meanwhile, here is
what works:
# imtest -a murder -u murder 192.168.6.11
S: * OK v611 Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+b3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
MUPDATE=mupdate://192.168.9.10/
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN murder {6}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
Obviously this is the LOGIN command. You're right!
I need to say; I was of the possibly wrong impression that LOGIN is a SASL
mechanism as well, next to PLAIN, partically because of this here:
/usr/lib/sasl2/liblogin.so
Now trying to fource SASL PLAIN:
# imtest -a murder -u murder -m PLAIN 192.168.6.11
S: * OK v611 Cyrus IMAP4 v2.2.13-Debian-2.2.13-14+b3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
MUPDATE=mupdate://192.168.9.10/ AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN bXVyZGVyAG11cmRlcgBNdXJkZXI=
S: A01 NO encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0
So I guess the mechanism isn't advertised despite the plugin is there because I
am not using an encrypted connection.
So what would I do to make the "encryption needed to use mechanism" go away?
Obviously AUTHENTICATE does care while LOGIN doesn't?
The line
sasl_minimum_layer: 0
doesn't do the trick!
Bonus question: Can I tell a Murder backend what mechanism to use to make a
connection to a different backend, for example when attempting a mailbox move?
Regards,
Torsten
-------- Original-Nachricht --------
> Datum: Tue, 22 Dec 2009 09:21:13 -0500
> Von: Ken Murchison <mu...@andrew.cmu.edu>
> An: Torsten Schlabach <tschlab...@gmx.net>
> CC: cyrus-devel@lists.andrew.cmu.edu
> Betreff: Re: PLAIN authentication in Cyrus IMAPd
>
>
> Torsten Schlabach wrote:
> > Hi Ken, Hi David!
> >
> >> I think you have to set "allowplaintext: 1" in your imapd.conf
> >
> > My apologies; i had that, I just forgot to mention.
> >
> > Also making some more experiments, I found that my problem is *not* that
> PLAIN is not enabled. The problem seems to be that it's not accounced in
> the CAPABILITY. It actually does work, even when it's not announced.
>
> What works? SASL PLAIN, or IMAP LOGIN command? I find it hard to
> believe that PLAIN would work if not advertised.
>
> Is the SASL PLAIN plugin installed?
>
> --
> Kenneth Murchison
> Systems Programmer
> Carnegie Mellon University
