On Mon, 7 May 2001, Lawrence Greenfield wrote:
> Date: Mon, 7 May 2001 13:37:42 -0300 (ADT)
> From: "Marc G. Fournier" <[EMAIL PROTECTED]>
>
> [...]
> If I do an 'saslpasswd -d marc' to remove myself from the sasldb file,
> then try and re-connect with pine, I get the following error:
>
> May 7 13:21:00 new-relay imapd[66067]: badlogin:
>atelier.acadiau.ca[131.162.138.223] CRAM-MD5 authentication failure [no secret in
>database]
>
> Cyrus is advertising CRAM-MD5, which always uses /etc/sasldb, because
> the file exists.
>
> However, since there's no secret for the user "marc" in /etc/sasldb,
> Pine can't use CRAM-MD5.
>
> Either remove the CRAM-MD5 plugin, remove /etc/sasldb, or configure
> Pine to not use CRAM-MD5.
Okay, is there any way of setting it up so that, if someone logs in, they
issue their passwd, the system checks:
/etc/sasldb
- that fails, check through PAM
- that succeeds, add/update entry to sasldb
so that their first login might be insecure, but subsequent ones will use
a more secure encryption?
I thought the 'sasl_auto_transition' was *supposed* to do that, but have
never succeeded in getting that to work ...
Thanks ...
