This works for me under v2.4.18. I'm able to run sieveshell against a
frontend or backend authenticating as a cyrus "admins" user or a
"proxyservers" user (on the backend).
Against a frontend:
# sieveshell -u morgan -a cyrus imap.onid.oregonstate.edu
connecting to imap.onid.oregonstate.edu
Please enter your password:
list
onid-web
real <- active script
quit
Against a backend:
# sieveshell -u morgan -a cyr_proxy cyrus-be1.onid.oregonstate.edu
connecting to cyrus-be1.onid.oregonstate.edu
Please enter your password:
list
onid-web
real <- active script
quit
My imapd.conf settings:
admins: cyrus
allowplaintext: 0
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sieve_allowreferrals: 0
sieve_allowplaintext: 1
Have you tried using the "sivtest" program? It will show you the protocol
handshakes, which might help. Here is an example for me:
# sivtest -u morgan -a cyrus localhost
S: "IMPLEMENTATION" "Cyrus timsieved (Murder) v2.4.18"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags
notify envelope body relational regex subaddress copy"
S: "STARTTLS"
S: "UNAUTHENTICATE"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {28+}
<redacted>
S: OK
Authenticated.
Security strength factor: 0
C: LOGOUT
OK "Logout Complete"
Connection closed.
Andy
On Sun, 20 Nov 2016, Michael Ulitskiy via Info-cyrus wrote:
Since nobody answered, I guess, nobody has any idea.
I wonder if anybody uses this feature and it works for you?
I mean I'd like to know if that's just me and something is wrong with my setup
or may be that feature isn't functional at all?
Thanks in advance,
Michael
On Thursday, November 17, 2016 06:30:18 PM Michael Ulitskiy via Info-cyrus
wrote:
Hello,
I'm playing with cyrus-imap 2.5.10 and cyrus-sasl 2.1.26.
i'm trying to use sieveshell to setup users sieve scripts, but since
i don't know users passwords i want to use a special user for authentication
and authorize as the target user.
Here's what I have.
imapd.conf:
admins: mailadmin
proxyservers: proxyadmin
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: alwaystrue
sasl_mech_list: PLAIN
allowplaintext: yes
here's what i do:
root@rway-imap-vm:~# sieveshell -a proxyadmin -u t...@virtualcrap.com localhost
connecting to localhost
Please enter your password:
unable to connect to server at /usr/bin/sieveshell line 191, <STDIN> line 1.
here's the log:
Nov 17 18:24:44 rway-imap-vm sieve[2256]: TLS is available.
Nov 17 18:24:46 rway-imap-vm saslauthd[1169]: pam_userdb(sieve:auth): user
'proxyadmin' granted access
Nov 17 18:24:46 rway-imap-vm sieve[2256]: badlogin: localhost [127.0.0.1] PLAIN
no mechanism available
Nov 17 18:24:46 rway-imap-vm sieve[2256]: Lost connection to client -- exiting
as you can see user proxyadmin authenticated successfully, but then something
(authorization?) went wrong
and it says "PLAIN no mechanism available".
this only happens if i try to authorize as different user. if i don't
everything works fine:
root@rway-imap-vm:~# sieveshell -a t...@virtualcrap.com -u t...@virtualcrap.com
localhost
connecting to localhost
Please enter your password:
log:
Nov 17 18:24:11 rway-imap-vm sieve[2247]: TLS is available.
Nov 17 18:24:15 rway-imap-vm saslauthd[1167]: pam_userdb(sieve:auth): user
't...@virtualcrap.com' granted access
Nov 17 18:24:15 rway-imap-vm sieve[2247]: login: localhost [127.0.0.1]
t...@virtualcrap.com PLAIN User logged in
the same happends to cyradm:
root@rway-imap-vm:~# cyradm --user=proxyadmin --authz=t...@virtualcrap.com
--auth=plain localhost
Password:
IMAP Password:
log:
Nov 17 18:26:27 rway-imap-vm saslauthd[1166]: pam_userdb(imap:auth): user
'proxyadmin' granted access
Nov 17 18:26:27 rway-imap-vm imap[2277]: badlogin: localhost [127.0.0.1] PLAIN
[SASL(-4): no mechanism available: Unable to find a callback: 32773]
but ok without trying to authorize as different user:
root@rway-imap-vm:~# cyradm --user=t...@virtualcrap.com --auth=plain localhost
Password:
localhost>
Nov 17 18:27:31 rway-imap-vm saslauthd[1167]: pam_userdb(imap:auth): user
't...@virtualcrap.com' granted access
Nov 17 18:27:31 rway-imap-vm imap[2276]: login: localhost [127.0.0.1]
t...@virtualcrap.com PLAIN User logged in
SESSIONID=<rway-imap.aceinnovative.com-2276-1479425249-1-16233364852996823733>
Can somebody tell me what I am doing wrong?
Thanks a lot,
Michael
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
