Hi Cyrus Users,
We are currently using Cyrus IMAP with Roundcube webmail, and are
looking to implement both SAML or CAS Single Sign-on and Multifactor
Authentication (MFA) for all applications. Currently Cyrus users
authenticate back to Active Directory via SASL ldap_auth and this
remains
Hi everyone
I'm using SOGo as webui for the mail.
SOGo as the capability to manage sieve filters and it's work well with
cyrus.
The only problem, is SOGo as the capability to disable automatically the
sieve filter, but for that it need a account who has the right to modify
sieve filter for
Hi All,
I'm trying to configure Cyrus IMAP so that some user account can ne read
only from fixed IP. The scenario is this:
* there are two employees group
* the first one are mobile employees who access mails from mobile phones
* the second group of employees are person who works in the office
On Mon, Jun 4, 2018, at 7:23 PM, Jean-Christophe Delaye wrote:
> Note, if I choose login mech , it works !
I feel like I've seen something like this before. If I recall correctly, the
DIGEST-MD5 mech doesn't support proxy authentication, so if anything in your
stack has this enabled (possi
On 06/04/2018 03:30 PM, Dan White wrote:
> !!!
> Please be aware that the password for mailproxy was exposed below in
> uuencoded form.
> !!!
Thanks, this is an (internal) lab platform !
I finally focus on the fact that authentication fails if userid and
authid differ.
So, my p
to backend server: authentication failure
From backend:
imap1 cyrus1/master
about to exec /opt/cyrus-imapd_3.0.7-cyrus1/libexec/imapd
imap1 cyrus1/imap[11632]: SASL could not find auxprop plugin, was
searching for '[all]'
The above error is probably not important.
badlogin: cassandra.eurecom.fr
In the log files there is an error from both frontend and backend
From frontend:
cassandra cyrus/imap[19868]:
couldn't authenticate to backend server: authentication failure
From backend:
imap1 cyrus1/master
about to exec /opt/cyrus-imapd_3.0.7-cyrus1/libexec/imapd
imap1 cyrus1/imap[11632]: SASL
Hi,
I've inherited a cyrus mail server and I'm currently learning how it's
setup and would like some advice changing from a NIS to LDAP authentication.
At the moment, the imap server uses NIS to authenticate ssh connections
and I believe to also authenticate users to their mailboxes
On 09/18/15 15:48 +0100, Sunny wrote:
>Hi,
>
>I've inherited a cyrus mail server and I'm currently learning how it's
>setup and would like some advice changing from a NIS to LDAP
>authentication.
>
>At the moment, the imap server uses NIS to authenticate ssh
>connectio
I've inherited a cyrus mail server and I'm currently learning how it's setup
> and would like some advice changing from a NIS to LDAP authentication.
>
> At the moment, the imap server uses NIS to authenticate ssh connections and I
> believe to also authenticate users to their mailboxes
--
Without an authentication line in /etc/mail/access
--
AuthInfo:imap.domain.de I:lmtp-admin P:pass M:DIGEST-MD5
--
I'm getting the following error:
--
Jul 20 02:19:01 mail sendmail[5368]: t6K0GIKP005234:
to=postmas...@domain.de
=imap.domain.de. [xx.xx.xx.xx],
dsn=4.0.0, stat=Deferred: 430 Authentication required
--
This is correct. Adding AuthInfo to /etc/mail/access and add lmtp-admin
to sasldb2 on cyrus side mails are delivered via lmtp to cyrus with
proper authentication. Good.
But after setting tls_cert_file
Hi Dan,
Am Montag, den 20.07.2015, 08:33 -0500 schrieb Dan White:
It appears you may be performing sasl EXTERNAL authentication. Your
auth-facility syslog should confirm that.
How do I do that?
Configuring a restricted mechanism list would prevent that from happening:
lmtp_sasl_mech_list
On 07/20/15 19:15 +0200, Marcus Schopen wrote:
Hi Dan,
Am Montag, den 20.07.2015, 08:33 -0500 schrieb Dan White:
It appears you may be performing sasl EXTERNAL authentication. Your
auth-facility syslog should confirm that.
How do I do that?
libsasl logs to the auth facility. Check your syslog
Hi,
I'm trying to deliver mails via lmtp/tcp from sendmail to cyrus running
on another machine.
sendmail.mc:
--
define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `TCP imap.domain.de 2003')dnl
--
Without an authentication line in /etc/mail/access
Currently I use pam with pam_mysql for authenticating cyrus accounts
But I frequently run into the issue of mysql connections exceeding limit.
Can I simply use something like Memcached or Redis to authenticate users
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info:
Hello Ram and Cyrus-imap friends,
On Wed, Jul 09, 2014 at 01:32:50PM +0530, Ram wrote:
Currently I use pam with pam_mysql for authenticating cyrus accounts
But I frequently run into the issue of mysql connections exceeding limit.
Can I simply use something like Memcached or Redis to
with too many authentication requests
I run cyrus-sasl with caching on but still see too many connections
going to mysql servers , when actually they are not needed at all
I cannot
get to my notes at the moment, but I'm pretty sure that you find the needed
info somewhere on the net
Am Mittwoch, 9. Juli 2014, 11:19:08 schrieb Willy Offermans:
On Wed, Jul 09, 2014 at 01:32:50PM +0530, Ram wrote:
Currently I use pam with pam_mysql for authenticating cyrus accounts
But I frequently run into the issue of mysql connections exceeding limit.
Can I simply use
Am Mittwoch, 9. Juli 2014, 15:06:16 schrieb Ram:
Most of these these webmail products they really jam the imap servers
with too many authentication requests
I run cyrus-sasl with caching on but still see too many connections
going to mysql servers , when actually they are not needed
On Wed, July 9, 2014 11:36 am, Ram wrote:
Most of these these webmail products they really jam the imap servers
with too many authentication requests
imapproxyd
Eric Luyten, Computing Centre VUB/ULB.
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http
that is not a good idea anyway.
Most of these these webmail products they really jam the imap
servers with too many authentication requests
I run cyrus-sasl with caching on but still see too many connections
going to mysql servers , when actually they are not needed at all
I cannot
get to my
the connections limit in MySQL.
I did .. I have now set it to unreasonable limits.
But I think that is not a good idea anyway.
Most of these these webmail products they really jam the imap
servers with too many authentication requests
I run cyrus-sasl with caching on but still see
Stefan Gofferje wrote, on 10.12.2013 08:17:
There are options?
tls_require_cert: false
tls_imap_require_cert: false
tls_pop3_require_cert: false
tls_lmtp_require_cert: false
tls_sieve_require_cert: false
Why ask for a cert when the config says it's not needed? Or do I see
this too
On 12/10/2013 12:49 PM, Wolfgang Breyha wrote:
cyrus distinguishes between asking for a cert and requiring a cert. I don't
know why, sorry. Sometimes it is practical to ask for a cert and only try to
verify it without enforcing it. But asking for certs while incapable to verify
them (without
Stefan Gofferje wrote, on 10.12.2013 16:33:
Maybe the existing options could just be extended, like in the Postfix
setting for TLS, e.g.
tls_imap_require_cert: no|ask|require
Changing the way how existing options work and breaking compatibility to
existing configurations is most likely not
On 2013-12-07 10:08, Stefan Gofferje wrote:
On 12/03/2013 09:28 PM, Stefan Gofferje wrote:
So why does Thunderbird ask me which certificate to use for
authentication? Does my Cyrus ask for a client certificate or does it
not? ^^
Nobody a clue?
It depends. On IMAPS/POP3S ports cyrus never
On 12/09/2013 03:09 PM, Wolfgang Breyha wrote:
You can either connect to ports 993/995 to prevent the use of client certs
That worked fine :). Thanks. Is it planned to integrate your patch into
Cyrus? It *is* kinda illogical to ask for a client cert when client cert
authentication is explicitly
On 2013-12-09 16:59, Stefan Gofferje wrote:
That worked fine :). Thanks. Is it planned to integrate your patch into
Cyrus? It *is* kinda illogical to ask for a client cert when client cert
authentication is explicitly disabled ^^.
My patch is not suitable for general use. IMO client cert
On 2013-12-09 18:10, Wolfgang Breyha wrote:
I would simply make it dependent of CA availability.
proposed patch for that:
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3830
Greetings, Wolfgang
--
Wolfgang Breyha wbre...@gmx.net | http://www.blafasel.at/
Vienna University Computer Center |
On 12/09/2013 07:10 PM, Wolfgang Breyha wrote:
My patch is not suitable for general use. IMO client cert requests should
either depend on a new option or on the availability of configured CAs.
Both is possible, but I'm not aware of the reason why client certs are
requested historically.
I
On 12/03/2013 09:28 PM, Stefan Gofferje wrote:
So why does Thunderbird ask me which certificate to use for
authentication? Does my Cyrus ask for a client certificate or does it
not? ^^
Nobody a clue?
--
(o_ Stefan Gofferje| SCLT, MCP, CCSA
//\ Reg'd Linux User #247167
Hi,
I have a Cyrus IMAP and Postfix running. Some time ago, I configured
them for TLS and recently, I started to use also Thunderbird on those
and Thunderbird is asking me on startup which certificate to use for
identification for IMAP. Is there a way to tell Cyrus to *not* request
the client
tls_sieve_require_cert: false
What log entries do you see during TLS authentication? Verify that this is
a server side problem with imtest.
--
Dan White
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https
On 12/03/2013 04:39 PM, Dan White wrote:
What log entries do you see during TLS authentication?
Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded - done
Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher
DHE-RSA-CAMELLIA256-SHA (256/256 bits new) no authentication
Dec 3 19:13
On 12/03/13 19:52 +0200, Stefan Gofferje wrote:
On 12/03/2013 04:39 PM, Dan White wrote:
What log entries do you see during TLS authentication?
Dec 3 19:13:10 home imap[17224]: SSL_accept() succeeded - done
Dec 3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher
DHE-RSA-CAMELLIA256-SHA
[xxx.xxx.xxx.xxx]
Dec 3 21:20:17 home imap[17567]: Connection reset by peer, closing
connection
imtest -t host
will attempt a starttls connection without submitting a client certificate.
If that succeeds, then it proves that your server supports TLS without
client authentication.
I know
I'm seeing a huge increase in the number of brute force attempts to
authenticate my mail server. Mostly the attempts are directed at SMTP,
and because I'm using the sql plugin the failed attempts result in a
auth.log entry like this:
Apr 19 23:10:42 mail sendmail[17780]: sql plugin doing query
administration
and
[user@other-host ~]$ imtest -a test@administration imap-host
Authenticates just fine.
Charles Bradshaw
On: Mon, 21 Jan 2013 17:47:53 +, Charles Bradshaw wrote
I am seeing an authentication problem when using imtest. I have
cyrus-imapd-utils-2.4.14-1.fc17.i686
The imtest man page
I am seeing an authentication problem when using imtest. I have
cyrus-imapd-utils-2.4.14-1.fc17.i686
The imtest man page says the -r switch specifies the 'realm', but -r does not
seem to work.
I used:
[root@imap-server ~]# saslpasswd2 user
Password ...
and
[root@imap-server ~]# saslpasswd2 cyrus
Hi all ,
I am trying to configure the cyrus + Active directories authentication.
I have cyrus-imapd-2.4.6-5 and Active Directory 2003 2010
The mailbox in cyrus is in format of firstname.lastn...@domain.com
But the problem is attributes of Active directories like
sAMAccountName
Le 03/01/2013 10:07, jayesh shinde a écrit :
Hi all ,
I am trying to configure the cyrus + Active directories authentication.
I have cyrus-imapd-2.4.6-5 and Active Directory 2003 2010
The mailbox in cyrus is in format of firstname.lastn...@domain.com
But the problem is attributes
I am currently running Cyrus IMAP 2.4.13-1.el6 on RHEL6. We currently have a
bunch of IMAP user accounts that authenticate with plaintext+TLS using the
system password data (saslauthd). We would like to add one POP3 account that
authenticates via APOP with no TLS (port 110) using the sasldb2
, such as:
pop3_sasl_pwcheck_method: auxprop
#pop3_sasl_mech_list: (defaults to all mechanisms)
allowapop: 1
Where 'pop3' matches the name you provided to the service in cyrus.conf.
apop is a pseudo-authentication mechanism that is not specified in the
mech_list.
--
Dan White
Cyrus Home Page
On 05/08/11 22:32, Dan White wrote:
Does your cyrus user have permissions to access the saslauthd mux?
Try running your testsaslauthd command as your cyrus user... I'm assuming
that during testing you were using root, or another account.
Aha! Thank you so much. I had checked the permissions
On 06/08/11 11:44 +0100, John wrote:
On 05/08/11 22:32, Dan White wrote:
Does your cyrus user have permissions to access the saslauthd mux?
Try running your testsaslauthd command as your cyrus user... I'm assuming
that during testing you were using root, or another account.
Aha! Thank you so
admins: cyrus
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /var/run/saslauthd/mux
allowplaintext: yes
altnamespace: yes
unixhierarchysep: yes
virtdomains: userid
defaultdomain: mydomain.com
hashimapspool: true
Firstly, saslauthd is running to use PAM for authentication and on both
boxes I
before that I fixed the issue with authentication from
Master-Replica in a basic two-host setup in a mysterious way. Funny
thing is that I've managed to successfully replicate from M to R and
vice versa, swapping the roles of the hosts as many times as I wanted.
Everything worked as expected
I've said before that I fixed the issue with authentication from
Master-Replica in a basic two-host setup in a mysterious way. Funny
thing is that I've managed to successfully replicate from M to R and
vice versa, swapping the roles of the hosts as many times as I wanted.
Everything worked
Oh yes I got the same answer privately by anothe user on this list :)
Thanks a lot!
Gabriele.
--
Da: Michael Menge
A: info-cyrus@lists.andrew.cmu.edu
Data: 27 gennaio 2011 9.35.35 CET
Oggetto: Re: sql authentication
Hi
...to bd.. :(
--
Da: Berend de Boer
A: Gabriele Bulfon
Cc: info-cyrus@lists.andrew.cmu.edu
Data: 26 gennaio 2011 18.20.11 CET
Oggetto: Re: sql authentication
Gabriele == Gabriele Bulfon
: sql authentication
Gabriele == Gabriele Bulfon
writes:
GabrieleLast but not least, my password is encrypted. My
Gabrieleapplications usually encrypt the typed password with a
Gabrieleselected algorithm, and matches the two encrypted
Gabrieleresults. I may have no way do decrypt the saved password
Hi,
I've been using cyrus imapd for years using saslauthd against unix
passwd/shadow.
This way it's easy to understand the relation between a user and its
mailbox.
Now I want to integrate authentication with a sql backend, forgetting
about unix users.
I have a postgres db containing users
Gabriele == Gabriele Bulfon gbul...@sonicle.com writes:
Gabriele I would like imapd to authenticate using my db, where
Gabriele login is an email. I've seen many ways to accomplish
Gabriele sql authentication, so I don't know which is the right
Gabriele one. At last, how do I
Yes, I thought about this as a possible way.
Thanks :)
--
Da: Simon Matter
A: Gabriele Bulfon
Cc: info-cyrus@lists.andrew.cmu.edu
Data: 26 gennaio 2011 9.56.11 CET
Oggetto: Re: sql authentication
Hi,
I've been using
Am Mittwoch, den 26.01.2011, 09:56 +0100 schrieb Simon Matter:
Hi,
I could be wrong but I think cyrus doesn't handle this case the way you
want it. I think the @domain.com part will be stripped as configured but
you end up with name.lastname, which will also be used as mailbox name.
-cyrus@lists.andrew.cmu.edu
Data: 26 gennaio 2011 10.59.45 CET
Oggetto: Re: Re: sql authentication
Am Mittwoch, den 26.01.2011, 09:56 +0100 schrieb Simon Matter:
Hi,
I could be wrong but I think cyrus doesn't handle this case the way you
want it. I think the @domain.com part will be stripped
authentication
Am Mittwoch, den 26.01.2011, 09:56 +0100 schrieb Simon Matter:
Hi,
I could be wrong but I think cyrus doesn't handle this case
the way you
want it. I think the @domain.com part will be stripped as
configured
Gabriele == Gabriele Bulfon gbul...@sonicle.com writes:
Gabriele Last but not least, my password is encrypted. My
Gabriele applications usually encrypt the typed password with a
Gabriele selected algorithm, and matches the two encrypted
Gabriele results. I may have no way do
Hi,
I've been using cyrus imapd for years using saslauthd against unix
passwd/shadow.
This way it's easy to understand the relation between a user and its mailbox.
Now I want to integrate authentication with a sql backend, forgetting about
unix users.
I have a postgres db containing users
Cyrus Murder
v2.2.12-Invoca-RPM-2.2.12-20 (master)
Authentication failed. no mechanism available
Security strength factor: 0
And so on.
The problem was the cyrus-sasl-plan and cyrus-sasl-gssapi were not
installed. Once there were installed mupdatetest and ctl_mboxlist -m
worked.
I was able
-2.2.12-20 (master)
Authentication failed. no mechanism available
Security strength factor: 0
Note no mechanisms available. But, I can run the AUTHENTICATE
command with either the PLAIN or LOGIN options, I can authenticate just
fine. Same with the -t '' option, except it goes through TLS
I thought the procedue is to upgrade the back-end servers first.
Mike
Andrew Morgan mor...@orst.edu wrote:
Maybe you need to upgrade the mupdate master to 2.3.16 first?
Andy
--
Michael D. Sofka
Sr. Systems Programmer
Communications Middleware Technologies
Cyrus Home Page:
On 16/07/10 23:49 -0300, Lucas Zinato Carraro wrote:
Can i use differentes methods for authentication ( user: ldap, mupdate +
backend, backend + backend : sasldb )?
( for example users auth in frontend with saslauthd: ldap but frontends
auth in mupdate and backends using /etc/sasldb2 , and auth
+ Can i use differentes methods for authentication ( user: ldap, mupdate +
backend, backend + backend : sasldb ) ?
( for example users auth in frontend with saslauthd: ldap but frontends
auth in mupdate
and backends using /etc/sasldb2 , and auth between backend using another
mech )
Consider
have, using IMAP::Admin have stopped
working.
# cyrsetquota dteed 100
IMAP::Admin [ initialize ]: try NO Login failed: authentication failure
This is cyrus 2.3.7 from Redhat, identifying as:
name : Cyrus IMAPD
version: v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 2006/07/10 13:46:20
vendor
[24057]: mystore: committing txn 2147489537
Feb 25 20:04:37 ella cyrus/imaps[24057]: starttls: TLSv1 with cipher
AES128-SHA (128/128 bits new) no authentication
Feb 25 20:04:38 ella cyrus/imaps[24057]: login:
c-24-18-177-230.hsd1.wa.comcast.net [24.18.177.230] mike plaintext+TLS U
ser logged in
Why
Hi guys:
I'm configuring a mail system with cyrus with the aggregator concept. The
servers I have are 1 as backend, 1 frontend and a mupdate.
The whole system of sending mail through telnet command works correctly,
however,
authentication from the frontend to the backend does not work and throws
On 11/01/10 14:44 -0300, Oscar Nuñez wrote:
Hi guys:
I'm configuring a mail system with cyrus with the aggregator concept. The
servers I have are 1 as backend, 1 frontend and a mupdate.
The whole system of sending mail through telnet command works correctly,
however,
authentication from
On Mon, 11 Jan 2010, Oscar Nuñez wrote:
Hi guys:
I'm configuring a mail system with cyrus with the aggregator concept. The
servers I have are 1 as backend, 1 frontend and a mupdate.
The whole system of sending mail through telnet command works correctly,
however,
authentication from
authentication to the frontend system will need to succeed before
the proxy authentication to the backend happens.
Verify your sasl_pwcheck_method and sasl_* config items are correct on the
frontend.
--
Dan White
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu
,
Are these logs from the frontend or backend?
Dan,
These logs are the frontend.
The user authentication to the frontend system will need to succeed before
the proxy authentication to the backend happens.
Verify your sasl_pwcheck_method and sasl_* config items are correct on the
frontend
, Oscar Nuñez wrote:
Hi guys:
I'm configuring a mail system with cyrus with the aggregator concept. The
servers I have are 1 as backend, 1 frontend and a mupdate.
The whole system of sending mail through telnet command works correctly,
however,
authentication from the frontend to the backend
On 11/01/10 15:56 -0300, Oscar Nuñez wrote:
configdirectory: /var/imap
partition-default: /var/spool/imap
servername: Server_4.mat.utfsm.cl
allowplaintext: yes
allowusermoves: yes
allowsubscribes: yes
admins: cyrus
sievedir: /var/imap/sieve
sendmail: /usr/sbin/sendmail
sasl_minimum_layer: 0
On Mon, Jan 11, 2010 at 4:35 PM, Dan White dwh...@olp.net wrote:
Do you have a user named john in sasldb2 on your frontend?
OH thanks that was my mistakes. The user john I had in backend and mupdate
but not in frontend.
Tank you very much.
--
ATTE
Oscar Núñez
Estudiante Ing. Civil
I'd like to configure cyrus to authenticate via an additional backup
LDAP server when the main one fails.
Is it possible?
--
ToMasz
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info:
On Thu, 2009-12-17 at 14:35 +0100, nunatarsuaq wrote:
I'd like to configure cyrus to authenticate via an additional backup
LDAP server when the main one fails.
Is it possible?
You didn't give us much to go on, such as which version of Cyrus or
which authentication method you are using
Dan White wrote:
On 28/10/09 00:47 -0700, Maria McKinley wrote:
ella:/var/log# testsaslauthd -u test -p xxx -s smtp
0: OK Success.
ella:/var/log# testsaslauthd -u test -p xxx -s imaps
0: NO authentication failed
ella:/var/log# testsaslauthd -u test -p xxx -s imap
0: OK Success.
Can you
Dan White wrote:
On 28/10/09 00:47 -0700, Maria McKinley wrote:
ella:/var/log# testsaslauthd -u test -p xxx -s smtp
0: OK Success.
ella:/var/log# testsaslauthd -u test -p xxx -s imaps
0: NO authentication failed
ella:/var/log# testsaslauthd -u test -p xxx -s imap
0: OK Success.
Can you
Simon Matter wrote:
Dan White wrote:
On 28/10/09 00:47 -0700, Maria McKinley wrote:
ella:/var/log# testsaslauthd -u test -p xxx -s smtp
0: OK Success.
ella:/var/log# testsaslauthd -u test -p xxx -s imaps
0: NO authentication failed
ella:/var/log# testsaslauthd -u test -p xxx -s imap
0: OK
On Thu, 29 Oct 2009, Simon Matter wrote:
Dan White wrote:
On 28/10/09 00:47 -0700, Maria McKinley wrote:
ella:/var/log# testsaslauthd -u test -p xxx -s smtp
0: OK Success.
ella:/var/log# testsaslauthd -u test -p xxx -s imaps
0: NO authentication failed
ella:/var/log# testsaslauthd -u test
On Thu, Oct 29, 2009 at 10:00:54AM -0700, Andrew Morgan wrote:
I always thought that it uses the service name from cyrus.conf (the first
column on a service definition), but now that I look at my own systems I
see that I am missing the /etc/pam.d/imaps file as well. Go figure!
... and if
On 28/10/09 00:47 -0700, Maria McKinley wrote:
ella:/var/log# testsaslauthd -u test -p xxx -s smtp
0: OK Success.
ella:/var/log# testsaslauthd -u test -p xxx -s imaps
0: NO authentication failed
ella:/var/log# testsaslauthd -u test -p xxx -s imap
0: OK Success.
Can you provide sanitized copies
Hi,
Frédéric MERCIER schrieb:
Whith the defaultdomain option set to mydomain.net, the authentication
don't work anymore because it try to authenticate with test instead of
t...@mydomain.net
You may have to check of that before. Otherwise all users have to change
their authentication
Hi,
I have actually a cyrus IMAP server which work fine from a long time
with an saslauthd and pam.
I want to switch from salsauthd to salsdb2 to be able to use a secure
authentication (DIGEST-MD5 and CRAM-MD5).
My new configuration work fine for authentication, but with the sasldb2
one, I
On Wed, 23 Sep 2009, Frédéric MERCIER wrote:
Hi,
I have actually a cyrus IMAP server which work fine from a long time
with an saslauthd and pam.
I want to switch from salsauthd to salsdb2 to be able to use a secure
authentication (DIGEST-MD5 and CRAM-MD5).
My new configuration work fine
Andrew Morgan a écrit :
On Wed, 23 Sep 2009, Frédéric MERCIER wrote:
Hi,
I have actually a cyrus IMAP server which work fine from a long time
with an saslauthd and pam.
I want to switch from salsauthd to salsdb2 to be able to use a secure
authentication (DIGEST-MD5 and CRAM-MD5).
My new
On 23/09/09 21:30 +0200, Frédéric MERCIER wrote:
Authentication with sasldb2 :
myserver:~# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=CRAM-MD5
AUTH=DIGEST-MD5 SASL-IR COMPRESS
Dan White a écrit :
On 23/09/09 21:30 +0200, Frédéric MERCIER wrote:
Authentication with sasldb2 :
myserver:~# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=CRAM-MD5
AUTH=DIGEST-MD5
On Thu, Aug 6, 2009 at 11:16 PM, Lucas Zinato Carraroluca...@gmail.com wrote:
Hello,
I have a mail cluster with cyrus murder (imap agreggator ) .
In some machines imapd.conf has some passwords parameters in clear
text
.
mail1_password: secret
mail2_password: secret
Hello,
I have a mail cluster with cyrus murder (imap agreggator ) .
In some machines imapd.conf has some passwords parameters in clear
text
.
mail1_password: secret
mail2_password: secret
mupdate_password: topsecret
...
I use ldap as backend for cyrus sasl
and I have murder
Thank you for your suggestions! I figured out what was the problem in my
case.
This was the OPTIONS setting in /etc/deafault/saslauthd. Since I run my
Postfix chrooted I had:
OPTIONS=-c -m /var/spool/postfix/var/run/saslauthd
In order for cyradm to identify users using I saslauthd, I also added
Hello,
I have a problem with Cyrus IMAP SASL authentication.
When I try to login to create Cyrus IMAP mailboxes, I see the following:
$ cyradm --user cyrus --auth login localhost
IMAP Password:
Login failed: generic failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
cyradm: cannot
Here is an extract from my imapd.conf file:
admins: cyrus
imap_admins: cyrus
sasl_mech_list: LOGIN
sasl_minimum_layer: 1
sasl_maximum_layer: 256
sasl_pwcheck_method: saslauthd
Maybe it's because of sasl_minimum_layer: 1
LOGIN gives you no security layer.
--
Vladimir Vassiliev
Vladimir Vassiliev wrote, at 06/17/2009 09:02 AM:
Here is an extract from my imapd.conf file:
admins: cyrus
imap_admins: cyrus
sasl_mech_list: LOGIN
sasl_minimum_layer: 1
sasl_maximum_layer: 256
sasl_pwcheck_method: saslauthd
Maybe it's because of sasl_minimum_layer: 1
LOGIN gives you
David Mayo wrote:
Hi guys,
This morning we created a principal mupd...@bath.ac.uk and added that
to the key tab on sauber for the IMAP server, and it authenticated fine.
It would appear there is a bug somewhere meaning that
primary/insta...@realm style principals cannot be used as clients
Hi guys,
We are upgrading to cyrus-imap-2.3.14 and are looking at using mupdate
for the first time, but we are having problems with the GSSAPI
authentication between mupdate hosts.
We have two servers - sauber and tyrrell. sauber is one of the backend
hosts and tyrrell is the mupdate master. We
, so trying this out.br
br
I have a postfix relay server and a (local) cyrus imap server on the
same machine. Everything was fine until I thought, I change the imap
authentication from sasldb to saslauth, to have global authentication
on postfix and cyrus.br
Postfix uses saslauthd, which
for help here, but I didn't find any answer
elsewhere, so trying this out.br
br
I have a postfix relay server and a (local) cyrus imap server on the
same machine. Everything was fine until I thought, I change the imap
authentication from sasldb to saslauth, to have global authentication
I have a postfix relay server and a (local) cyrus imap server on the
same machine. Everything was fine until I thought, I change the imap
authentication from sasldb to saslauth, to have global authentication
on postfix and cyrus.br
Postfix uses saslauthd, which is configured for PAM. It works
1 - 100 of 912 matches
Mail list logo