The only way I had netscape to authenticate using PLAINTEXT was by
removing the LOGIN method from SASL. It seems that Netscape will use
LOGIN if it is available, otherwise it uses PLAINTEXT.
Anyone can confirm this?
--
marc - (http://register4less.com)
If marriage is outlawed, only outlaws will have inlaws.
Juan Leon wrote:
>
> I have tried about a million things. I am going to rant a bit
> hoping that something rings a bell and some advice miraculously
> pours forth. This is with SASL 1.5.24, cyrus 1.6.24 and 2.0.9,
> Linux 2.2.16 (RH 7.0). I will be eternally grateful if you can
> help.
>
> I am trying to install a cyrus that works with Mulberry and
> Netscape. I got both 2.0.9 and 1.6.24 working with Mulberry
> with DIGEST-MD5, etc. But none gives me PLAIN for Netscape (or
> Mulberry). SASL's sample-server reports that SASL is offering
> everything except ANONYMOUS, so that would not appear to be the
> problem.
>
> So I read in the docs for cyrus 1.5.<something> that PLAIN
> won't show up but that it works as LOGIN. I am not sure what
> this means: does cyrus' LOGIN become SASL's PLAIN? Does Cyrus
> LOGIN become SASL's LOGIN? Neither? Apparently the latter:
> my /usr/lib/sasl/Cyrus.conf (and imap.conf and cyrus.conf for
> good measure) has pwcheck_method: sasldb. I check via ldd
> and strace that, indeed, this is the right config directory.
> Yet per the auth.log (which PAM, unlike SASL, is civilized
> enough to use) cyrus insists on trying to authenticate
> LOGIN through PAM, which fails because it is user cyrus requesting
> the auth.
>
> OK, in the cyrus docs for version 2.0.9 I read that I need to
> enable STARTTLS in order for PLAIN to show up (another approach).
> I have enabled STARTTLS as far as I know, but Netscape is still
> failing. Does cyrus pretend to not grok TLS if there is no
> certificate? I will put one in, but there are only so many
> things I can try in a week.
>
> On a mostly unrelated note, sendmail is failing to authenticate via
> DIGEST-MD5 or anything else (I have recompiled it with
> GroupWriteUnsafeSASL or whatever). This, and the above, makes
> me want BAD to put a trace on SASL. I have tried redefining the
> VL macro to syslog, but this makes everything fail. Is there
> a way of finding out what SASL is doing? It certainly doesn't
> output anything to auth.log (or any other log) of its own will.
> I will ask this in the sasl list, but I thought you might know.
>
> Thanks a lot for any help. If I resolve this, I promise I will
> write an answer to some of those future FAQs that are pending.
>
> Juan
