Cillian Sharkey wrote:
>
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > When I log onto cyradm, the first prompt I recieve is:
> >
> > 'Please enter your password:'
> >
> > ...which never works ( I'm using pam_mysql for auth ), and subsequently
> > generates the following log:
> >
> > Jul 9 23:36:35 shnarf imapd[4912]: badlogin:
> > shnarf.axcelerant.com[192.168.240.66] PLAIN no mechanism available
>
> Currently, the PLAIN auth mechanism only becomes available when the session is
> encrypted (i.e. over SSL/TLS) - hence the error "no mechanism available". The
> first password prompt above is from sasl.
>
> cyradm then falls back to the IMAP LOGIN method and it prompts for a password
> as below:
>
> > ... and *then* I get the 'IMAP Password:' prompt ( after a short but
> > annoying pause ), which works as it should, allowing me to begin my cyradm
> > session.
> [..]
> > I'd like to do whatever may be required ( whether via cyrus, or via Postfix
> > - I know there's got to be some postfix-cyrus user out there ), in order to
> > disable and completely 'nix that first prompt.
>
> Nothing to do with Postfix. Just run cyradm like:
> cyradm --auth login ...
>
> [IMO the PLAIN auth mechanism should be enabled when allowplaintext is
> enabled, regardless of an SSL session]
>From RFC2595:
"The PLAIN SASL mechanism MUST NOT be advertised or used unless a strong
encryption layer (such as the provided by TLS) is active or backwards
compatibility dictates otherwise."
The problem isn't with imapd, cyradm shouldn't be trying to use
AUTH=PLAIN if it isn't advertised. I'm not a perl expert, but I'll take
a look.
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
