Thomas Börnert wrote:
Yes, DIGEST-MD5 don't work too :-(.
Why is it working with sasldb2 (auxprop) ?
The mechanisms need the plaintext password (or plaintext equivalent)
stored in the auxprop backend. The SQL auxprop that ships with SASL
will work correctly unless you've patched it to store encrypted
passwords, in which case the SQL auxprop will only work for plaintext
SASL mechanisms and plaintext authentication protocol commands.
There exists an patch for cyrus with auxprop/mysql.
Have anyone tested it ?
Thanks.
-Thomas
On Mon, 2005-07-11 at 08:19 -0400, Ken Murchison wrote:
Thomas Börnert wrote:
hi list,
ntlm with evolution or outlook isn't working:
imap[17765]: badlogin: localhost.localdomain [127.0.0.1] NTLM [SASL
(-13): authentication failure: incorrect NTLM response]
i've found: if i use sasldb2 then it works.
if i use the mysql setup below that it won't work :-(.
Do CRAM-MD5 or DIGEST-MD5 work with mysql?
have anyone an idea ?
My guess is that you are encrypting the passwords in your mysql
database, which will cause non-plaintext mechanisms like NTLM and
DIGEST-MD5 to fail.
my imapd.conf
<---------------------- snip ----------------------->
configdirectory: /var/lib/imap
#duplicatesuppression: 0
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
autocreatequota: 1000000
quotawarn: 90
timeout: 30
poptimeout: 10
#popminpoll: 1
servername: pop.domain.net
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sendmail: /usr/sbin/sendmail
hashimapspool: true
allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: LOGIN PLAIN NTLM DIGEST-MD5 CRAM-MD5
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/cyrus-imapd.pem
sasl_sql_engine: mysql
sasl_sql_hostnames: localhost
sasl_sql_user: mail
sasl_sql_passwd: secret
sasl_sql_database: mail
sasl_sql_select: select password from accountuser where username = '%u'
<---------------------- snip ----------------------->
my cyrus.conf
<---------------------- snip ----------------------->
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="[localhost]:imap" prefork=5
imaps cmd="imapd -s" listen="[localhost]:imaps" prefork=1
pop3 cmd="pop3d" listen="[pop]:pop3" prefork=3
pop3s cmd="pop3d -s" listen="[pop]:pop3s" prefork=1
sieve cmd="timsieved" listen="[localhost]:sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="[localhost]:lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
# create SQUAT indexes for all mailboxes
squatter cmd="/usr/lib/cyrus-imapd/squatter -r user.%" at=401
}
<---------------------- snip ----------------------->
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html