hi all,
one step at a time with this business ... =)
i've:
Cyrus-SASL-2.1.9 Cyrus-IMAP-2.2.8
built on OSX.
after verifying that my imtest etc. are actually linked to the RIGHT libsasl (previous post), i can verify LOGIN AUTH works:
% imtest -t "" -m LOGIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com
S: C01 OK Completed Please enter your password: C: L01 LOGIN [EMAIL PROTECTED] {6} S: + go ahead C: <omitted> S: L01 OK User logged in Authenticated. Security strength factor: 256
as well as PLAIN AUTH w/ a TLS WRAPPER
% imtest -t "" -m PLAIN -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com
S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN c2l0ZbmNlLWdyb3VwLm5lHJlc2pbkB0aVuY2UWFkbWluQHRpZWRnYXIuaW50ZXJuYWwucmFsLnByZXNltZ3JvdXAubmV0AHNpdGVhZG1WVkZ2FyLmludGVybdABDSEFOR0U= S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256
BUT, neither CRAM-MD5 nor DIGEST-MD5 seem to work:
% imtest -t "" -m CRAM-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com
S: C01 OK Completed C: A01 AUTHENTICATE CRAM-MD5 S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 256
% imtest -t "" -m DIGEST-MD5 -u [EMAIL PROTECTED] -a [EMAIL PROTECTED] -p imap testserver.testdomain.com
S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: A01 NO no mechanism available Authentication failed. generic failure Security strength factor: 256
tailing system.log, i see:
imap[892]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication imap[893]: badlogin: testserver.testdomain.com [10.0.0.1] CRAM-MD5 [SASL(-4): no mechanism available: security flags do not match required]
imap[899]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication imap[900]: badlogin: testserver.testdomain.com [10.0.0.1] DIGEST-MD5 [SASL(-4): no mechanism available: security flags do not match required]
, respectively.
checking in my SASL plugin dir (/usr/local/cyrus-sasl/lib/sasl2) it looks as if all the appropriate modules are there ...
i'm a mite confused as to why ONE mechanism IS available (PLAIN), and the others are not.
pointers in the right direction?
thx,
richard --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html