Re: how to proxy for a user [was Re: Geographically Redundant mailstores]

From: Ken Murchison (no email)
Date: Wed Mar 19 2003 - 09:36:32 EST


Luca Olivetti wrote:
>
> Marco Colombo wrote:
>
> > There's no AUTH=xxx entry, so there are *no* available mechs at this
> > point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> > over the net) are disabled by default. They're enabled if the client
> > requests a TLS connection via STARTTLS.
>
> Thanks, you're right, if I use -s or -t it works.

Sorry, I forgot to mention this.

> What's strange is that now I RTFM and put an "allowplaintext: yes" (also
> tried "allowplaintext: true") in imapd.conf (not a security problem
> since it accepts plaintext connections only from localhost) and still it
> doesn't advertise AUTH=PLAIN:

This option only affects protocol-specific plaintext login commands
(IMAP LOGIN, POP3 USER/PASS), not SASL. You'll notice that if you set
"allowplaintext: no", you see the LOGINDISABLED capability in IMAP, and
USER will not be a POP3 capability.

> $ telnet localhost imap
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> 1 OK Completed
> 2 logout
> * BYE LOGOUT received
> 2 OK Completed
> Connection closed by foreign host.
>
> Of course I restarted master after editing imapd.conf
> I also tried adding "sasl_miminum_layer: 0" but that changed nothing
> (and it should be the default).
>
> [....]
> > $ cyradm --authz marco --user cyrus localhost
> > Password:
> > devel.ESI> lm
> > INBOX (\HasChildren) INBOX.test2 (\HasNoChildren)
> > INBOX.test (\HasNoChildren)
> > devel.ESI> quit
> >
> > Again, the password I typed was the one of 'cyrus', yet:
> >
> > Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User logged in
> >
> > I wasn't able to test PLAIN, because I don't know how to tell cyradm
> > to use TLS.
>
> It seems there isn't a documented way.

This is correct.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
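
A capability check for the distinction drawn in this message, as an added example that is not part of the original post or of Cyrus: it parses a CAPABILITY response and reports SASL mechanisms (AUTH=...) separately from the IMAP LOGIN command (LOGINDISABLED), which is what `allowplaintext` controls. The function names, the post-STARTTLS sample line and the choice of PLAIN and LOGIN as the cleartext mechanisms are assumptions.

```python
import re

# Assumption: SASL mechanisms that send the password itself over the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# CAPABILITY exchange as quoted in the thread (archive wrapping and '>' kept).
PAGE_TRANSCRIPT = """\
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> 1 OK Completed
"""
# Constructed sample of a response after STARTTLS (not from the thread).
POST_TLS_SAMPLE = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA AUTH=PLAIN AUTH=SRP\r\n"

def parse_capability(response):
    """Return the upper-cased capability atoms of an untagged CAPABILITY reply.

    Quote markers are stripped and wrapped continuation lines are joined;
    parsing stops at the tagged OK/NO/BAD completion line.
    """
    text = re.sub(r"(?m)^\s*>\s?", "", response)
    m = re.search(r"^\* CAPABILITY\s+(.*?)(?=^\S+ (?:OK|NO|BAD)\b|\Z)",
                  text, re.M | re.S | re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def audit(caps, tls_active):
    """Summarise how passwords can be presented in the current session state."""
    mechs = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    login_cmd = "LOGINDISABLED" not in caps   # governed by allowplaintext
    findings = []
    if not tls_active:
        exposed = sorted(mechs & PLAINTEXT_MECHS)
        if exposed:
            findings.append("cleartext SASL mechs without TLS: " + ",".join(exposed))
        if login_cmd:
            findings.append("LOGIN command accepted without TLS")
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not offered")
    return {"sasl_mechs": sorted(mechs), "login_command": login_cmd,
            "findings": findings}

if __name__ == "__main__":
    print(audit(parse_capability(PAGE_TRANSCRIPT), tls_active=False))
    print(audit(parse_capability(POST_TLS_SAMPLE), tls_active=True))
```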






