hi all,
i'm unable to auth PLAIN under TLS layer to my IMSP server via auxprop.
is it even posssible?
details of what i've found follow below.
pointers/clarifiation much appreciated!
thx,
richard
=================================
i've
cyrus-imap-2.2.8 cyrus-sasl-2.1.20 postfix-2.2-20041023-tls
on OSX 10.3.6
i've setup imap to use:
sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql
and config'd for authentication & smtp _only_ under a TLS layer.
everything is working as expected.
now, i'd like to add IMSP to the equation. since i'm using SASL2 plugins, imsp v1.7b is a no-go, so i've DL'd & built
cyrus-imspd-CVS
IIUC, imspd *can* authenticate via PLAINTEXT & Kerberos, and if HAVE_SSL is defined, operation under a TLS layer is turned on. as my target is PLAINTEXT auth over TLS -- just like my imap setup, this seems the right direction ...
but, it seems AUTH is only supported via sasldb, NOT auxprop+sql. am i correct here?
i've found no info (yet) re: use of auxprop-based auth with IMSP ...
'blindly' trying additions to the imsp/options file to mirror my imap/sasl config, such as:
imsp.sasl.pwcheck_method N auxprop imsp.sasl.mech_list N (plain) imsp.sasl.auxprop_plugin sql imsp.sasl.sql_hostnames N localhost imsp.sasl.sql_database N mail imsp.sasl.sql_user N mail imsp.sasl.sql_passwd N ######### imsp.sasl.sql_statement N select password from accountuser where username='[EMAIL PROTECTED]' or (username='%u' and domain_name='')
does no obvious good, and my syslog still shows:
imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: sql_select option missing imsp[23498]: auxpropfunc error no mechanism available imsp[23498]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql imsp[23498]: imspd: start
nonetheless, imspd *does* launch. if, foru yucks, i 'imtest' to it:
% imtest -p imsp -m PLAIN -t "" testserver.internal.testdomain.com
with plaintext disabled
imsp.sasl.allowplaintext N -
i get a message that TLS is *not* supported.
S: * OK Cyrus IMSP version 1.7b ready C: C01 CAPABILITY S: * CAPABILITY AUTH=SRP AUTH=SRP AUTH=SRP AUTH=OTP AUTH=OTP AUTH=OTP AUTH=NTLM AUTH=NTLM AUTH=NTLM AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 AUTH=CRAM-MD5 LITERAL+ S: C01 OK capability completed failure: STARTTLS not supported by the server!
note: as expected, no PLAIN auth is advertised.
on the other hand, 'imtest' with plaintext ENabled
imsp.sasl.allowplaintext N +
results in:
kernel: at_obdev_KUC: registerTaskRule: call of newTaskEntry: FATAL !!!!! MALLOC FAILEDat_obdev_KUC:
kernel: newTaskEntry: attempt to create task with NULL path
NOT good. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
