[prev in list] [next in list] [prev in thread] [next in thread] 

List:       info-cyrus
Subject:    Re: AUTHENTICATE PLAIN and authz
From:       Dan White <dwhite () olp ! net>
Date:       2012-08-28 15:27:09
Message-ID: 20120828152709.GA7450 () dan ! olp ! net
[Download RAW message or body]

On 08/28/12 10:09 -0500, ktm@rice.edu wrote:
> Hi Cyrus community,
> 
> I am having a problem getting AUTHN/AUTHZ to work with a cyrus
> priviledged user. It fails to authenticate. Using LOGIN it works
> but that does not allow you to proxy. I have the account listed
> in proxyservers:
> 
> imapd.conf-----
> proxyservers: bigadmin
> imapd.conf-----
> 
> Then with telnet:
> 
> 1 AUTHENTICATE PLAIN
> +
> base64{bigadmin\0bigadmin\0bigadminpassword}
> 1 NO authentication failure
> 
> 2 LOGIN bigadmin bigadminpassword
> 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN \
> COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS \
> NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ \
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN \
> LISTEXT LIST-SUBSCRIBED URLAUTH] User logged in

Verify that your sasl_minimum_layer is set to 0 in this scenario. The
second login isn't technically a sasl authentication, and I don't know if
sasl_minimum_layer applies to it. What do you see in syslog?

Also try using imtest.

> This works fine with a normal user:
> 
> 1 AUTHENTICATE PLAIN
> +
> base64{user\0user\0userpassword}
> 1  OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL \
> RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT \
> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT \
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN LISTEXT LIST-SUBSCRIBED \
> URLAUTH] Success (tls protection)

You performed tls in this scenario, which makes me wonder if it's a network
protection issue.

-- 
Dan White
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic