Whoa... don't do that! Cram-MD5 *is* supported by some remote login servers.
It's just not supported when used with vpopmail. Courier-IMAP supports Cram-MD5. Just not with vpopmail.

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

We are actively looking for companies that do a lot of long distance
faxing and want to cut their long distance bill by up to 50%. Contact
[EMAIL PROTECTED] for more info.

----- Original Message -----
From: "David Guerizec" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 6:49 PM
Subject: Re: tmda-ofmipd + vpopmail CRAM-MD5 problem

> On Sat, 2002-12-14 at 00:10, Jesse Guardiani wrote:
> > So, I simply removed the 'cram-md5' string in the capability
> > announcement line.
> >
> > Is there a better way to disable this? Perhaps a config flag?
>
> Can you try the attached patch, then restarting your tmda-ofmipd with
> the -n option ?
> If it's ok, I'll commit it in the main branch, so you won't have to
> patch it at each new version.
>
>
> David
>
> PS: if you receive this message, then at least it works for me ;)
>

--------------------------------------------------------------------------------
Index: tmda-ofmipd =================================================================== RCS file: /cvsroot/tmda/tmda/bin/tmda-ofmipd,v retrieving revision 1.18 diff -u -r1.18 tmda-ofmipd --- tmda-ofmipd 21 Nov 2002 21:13:29 -0000 1.18 +++ tmda-ofmipd 13 Dec 2002 23:43:53 -0000 
@@ -36,34 +36,34 @@ -V --version - Print TMDA version information and exit. + Print TMDA version information and exit. -d --debug - Turn on debugging prints. + Turn on debugging prints. -u <username> --username <username> - The username that this program should run under. The default - is to run as the user who starts the program unless that is - root, in which case an attempt to seteuid user `tofmipd' will be - made. Use this option to override these defaults. + The username that this program should run under. The default + is to run as the user who starts the program unless that is + root, in which case an attempt to seteuid user `tofmipd' will be + made. Use this option to override these defaults. -p <host:port> --proxyport <host:port> - The host:port to listen for incoming connections on. The - default is FQDN:8025 (i.e, port 8025 on the fully qualified - domain name for the local host). + The host:port to listen for incoming connections on. The + default is FQDN:8025 (i.e, port 8025 on the fully qualified + domain name for the local host). -R proto[://host[:port]] --remoteauth proto[://host[:port]][/dn] Host to connect to to check username and password. - proto can be one of the following: - `imap' (IMAP4 server) - 'imaps' (IMAP4 server over SSL) - `pop3' (POP3 server) - `apop' (POP3 server with APOP authentication) - `ldap' (LDAP server) + `imap' (IMAP4 server) + 'imaps' (IMAP4 server over SSL) + `pop3' (POP3 server) + `apop' (POP3 server with APOP authentication) + `ldap' (LDAP server) - host defaults to localhost - port defaults to 143 (imap), 993 (imaps), 110 (pop3/apop), 389 (ldap) - dn is mandatory for ldap and should contain a `%%s' identifying 
@@ -76,8 +76,8 @@ --authprog <program> checkpassword compatible command used to check username/password. e.g, `-A /usr/sbin/checkpassword-pam -s id --stdin -- /bin/true' - The program must be able to receive the username/password pair - on its stdin, and in the following format: + The program must be able to receive the username/password pair + on its stdin, and in the following format: `username\\0password\\0' -a <file> @@ -87,6 +87,15 @@ root/tofmipd, otherwise ~user/.tmda/tofmipd. Use this option to override these defaults. + -n + --nofallback + Use only the specified authentication method, do not fall back + to file authentification (/etc/tofmipd or -a argument). + If more than one method is given, priority order is: + - remoteauth (-R) + - authprog (-A) + - file (-a) + -C <n> --connections <n> Do not handle more than n simultaneous connections. If there @@ -132,6 +141,7 @@ program = sys.argv[0] configdir = None authprog = None +nofallback = None remoteauth = { 'proto': None, 'host': 'localhost', 'port': None, @@ -191,11 +201,12 @@ try: opts, args = getopt.getopt(sys.argv[1:], - 'p:u:R:A:a:c:C:dVh', ['proxyport=', + 'p:u:a:R:A:nc:C:dVh', ['proxyport=', 'username=', 'authfile=', 'remoteauth=', 'authprog=', + 'nofallback=', 'configdir=', 'connections=', 'debug', @@ -216,9 +227,11 @@ elif opt in ('-d', '--debug'): DEBUGSTREAM = sys.stderr elif opt in ('-p', '--proxyport'): - proxyport = arg + proxyport = arg + elif opt in ('-n', '--nofallback'): + nofallback = 1 elif opt in ('-u', '--username'): - username = arg + username = arg elif opt in ('-R', '--remoteauth'): # arg is like: imap://host:port try: 
@@ -250,13 +263,13 @@ remoteauth['port'], remoteauth['dn']) remoteauth['enable'] = 1 elif opt in ('-A', '--authprog'): - authprog = arg + authprog = arg elif opt in ('-a', '--authfile'): - authfile = arg + authfile = arg elif opt in ('-c', '--configdir'): - configdir = arg + configdir = arg elif opt in ('-C', '--connections'): - connections = arg + connections = arg import asynchat @@ -494,7 +507,11 @@ self.__auth_username = None self.__auth_password = None self.__auth_sasl = None - self.__sasl_types = ['login', 'cram-md5', 'plain'] + if nofallback and (remoteauth['enable'] or authprog): + # CRAM-MD5 does not work with remote login or authprog + self.__sasl_types = ['login', 'plain'] + else: + self.__sasl_types = ['login', 'cram-md5', 'plain'] self.__auth_cram_md5_ticket = '<%s.%s@%s>' % (random.randrange(10000), int(time.time()), FQDN) self.__server = server @@ -535,11 +552,15 @@ # Try first with the remote auth if run_remoteauth(username, password): return 1 + if nofallback: + return 0 if authprog: # Then with the authprog if run_authprog(username, password) == 0: return 1 - # Now we can fall back on the authfile + if nofallback: + return 0 + # Now we can fall back on the authfile authdict = authfile2dict(authfile) if authdict.get(username.lower(), 0) != password: return 0 @@ -562,11 +583,15 @@ # Try first with the remote auth if run_remoteauth(username, password): return 1 + if nofallback: + return 0 if authprog: # Then with the authprog if run_authprog(username, password) == 0: return 1 - # Now we can fall back on the authfile + if nofallback: + return 0 + # Now we can fall back on the authfile authdict = authfile2dict(authfile) if authdict.get(username.lower(), 0) != password: return 0 _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
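
Review bot: The hunks at @@ -36,34 +36,34 @@, @@ -76,8 +76,8 @@ and @@ -250,13 +263,13 @@ only replace lines with text that reads the same on both sides, and the same applies to the proxyport and username assignments in @@ -216,9 +227,11 @@, so they are whitespace-only changes mixed into a behavioural patch. Please send the re-indentation as its own commit so that the -n change to the authentication path can be reviewed and reverted on its own.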
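
Review bot: The new help text at @@ -87,6 +87,15 @@ spells the word as "authentification"; it should be "authentication". The paragraph also describes -n only in terms of the file fallback, while the patch makes two further changes under the same flag (the advertised SASL mechanisms and whether authprog runs after a remote-auth failure), and an operator reading the usage text would want both stated there.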
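
Review bot: In the getopt call at @@ -191,11 +201,12 @@ the long option is registered as 'nofallback=' with a trailing '=', which tells getopt that --nofallback takes an argument, while the short form is a bare 'n' and the help text documents no argument. As written, a trailing --nofallback is rejected with a "requires argument" error, and one followed by another option consumes that option as its value. Register it as 'nofallback' without the '=' so both spellings behave the same.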
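
Review bot: The mechanism list at @@ -494,7 +507,11 @@ drops 'cram-md5' only when nofallback is set, so a server started with -R or -A but without -n still advertises CRAM-MD5, which is the situation reported at the top of this thread. If that is intended because the authfile can still serve CRAM-MD5 users, say so in the comment and mention in the -n help that the flag also removes CRAM-MD5 from the advertised mechanisms. The added comment would also be clearer if it said why the mechanism is excluded: run_remoteauth() and run_authprog() are both called with a username and password, which a CRAM-MD5 exchange does not provide.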
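
Review bot: In both authentication hunks (@@ -535,11 +552,15 @@ and @@ -562,11 +583,15 @@) the first added "if nofallback: return 0" sits after the failed run_remoteauth() call and before "if authprog:", so with -n, -R and -A all given, a remote-auth failure returns before authprog is consulted. The help text says -n stops the fall back to file authentication and then lists a priority order for several methods, which reads as if authprog would still be tried. Either drop the first check so only the authfile step is skipped, or state in the help that with -n only the highest-priority configured method is used. Indentation cannot be checked in this rendering, so please also confirm the first check is inside the remote-auth branch; at the outer level it would return before authprog when only -A is given. The same sequence is added twice, and moving it into one helper would keep the two login paths from drifting apart.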
