From: Ken Murchison (no email)
Date: Wed Mar 19 2003 - 09:36:32 EST
Luca Olivetti wrote:
> Marco Colombo wrote:
> > There's no AUTH=xxx entry, so there are *no* available mechs at this
> > point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> > over the net) are disabled by default. They're enabled if the client
> > requests a TLS connection via STARTTLS.
> Thanks, you're right, if I use -s or -t it works.
Sorry, I forgot to mention this.
> What's strange is that now I RTFM and put an "allowplaintext: yes" (also
> tried "allowplaintext: true") in imapd.conf (not a security problem
> since it accepts plaintext connections only from localhost) and still it
> doesn't advertise AUTH=PLAIN:
This option only affects protocol-specific plaintext login commands
(IMAP LOGIN, POP3 USER/PASS), not SASL. You'll notice that if you set
"allowplaintext: no", you see the LOGINDISABLED capability in IMAP, and
USER will not be a POP3 capability.
> $ telnet localhost imap
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> 1 OK Completed
> 2 logout
> * BYE LOGOUT received
> 2 OK Completed
> Connection closed by foreign host.
> Of course I restarted master after editing imapd.conf
> I also tried adding "sasl_miminum_layer: 0" but that changed nothing
> (and it should be the default).
> > $ cyradm --authz marco --user cyrus localhost
> > Password:
> > devel.ESI> lm
> > INBOX (\HasChildren) INBOX.test2 (\HasNoChildren)
> > INBOX.test (\HasNoChildren)
> > devel.ESI> quit
> > Again, the password I typed was the one of 'cyrus', yet:
> > Mar 19 10:36:07 devel imapd: login: devel.ESI[127.0.0.1] marco SRP User logged in
> > I wasn't able to test PLAIN, because I don't know how to tell cyradm
> > to use TLS.
> It seems there isn't a documented way.
This is correct.
--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
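
Added example, not part of the original thread or of Cyrus itself: a small Python check that reads a pre-STARTTLS CAPABILITY reply and reports which password paths are open in cleartext, separating SASL mechanisms (AUTH=...) from the LOGIN command (LOGINDISABLED), as the reply above does. The function names and the two comparison replies are constructed for illustration; the first sample is the reply from the quoted telnet session.

```python
import re

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password as-is

def parse_capability(raw):
    """Collect capability atoms from a '* CAPABILITY' reply, rejoining wrapped lines."""
    caps, collecting = set(), False
    for line in raw.splitlines():
        line = line.strip()
        if line.upper().startswith("* CAPABILITY"):
            collecting = True
            caps.update(line.upper().split()[2:])
        elif collecting and not re.match(r"\*|\S+ (OK|NO|BAD)\b", line):
            caps.update(line.upper().split())  # continuation of a wrapped reply
        else:
            collecting = False  # next untagged or tagged response ends the list
    return caps

def audit_pre_tls(caps):
    """Findings for a capability set seen on a connection before STARTTLS."""
    findings = []
    exposed = {c[5:] for c in caps if c.startswith("AUTH=")} & CLEARTEXT_MECHS
    if exposed:
        findings.append("cleartext SASL before TLS: " + ", ".join(sorted(exposed)))
    if "LOGINDISABLED" not in caps:
        # Corresponds to "allowplaintext: yes" as described in the reply above.
        findings.append("LOGIN command allowed before TLS")
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return findings

# Reply from the telnet session quoted in the thread (wrapped as in the mail).
THREAD_REPLY = """* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
1 OK Completed"""

# Constructed replies for comparison (not from the thread).
HARDENED_REPLY = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5\r\n1 OK Completed"
WEAK_REPLY = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\n1 OK Completed"

if __name__ == "__main__":
    for name, reply in [("thread", THREAD_REPLY), ("hardened", HARDENED_REPLY),
                        ("weak", WEAK_REPLY)]:
        print(name, audit_pre_tls(parse_capability(reply)) or "no findings")
```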