Ken Murchison wrote:
> 
> Simon Matter wrote:
> >
> > I'm using cyrus-imapd-2.1.1 and cyrus-sasl-2.1.1 and I'm not able to get
> > sieveshell working. I'm using saslauthd to authenticate against PAM and
> > it does work so far for POP3/IMAP and I finally found the trick to use
> > cyradm. But I don't get sieveshell to work as expected.
> >
> > timsieved is running:
> >
> > [root@dhcp-141-104 root]# telnet localhost sieve
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > "IMPLEMENTATION" "Cyrus timsieved v1.1.0"
> > "SASL" "DIGEST-MD5 CRAM-MD5 PLAIN LOGIN"
> > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
> > regex"
> > "STARTTLS"
> > OK
> >
> > I tried:
> >
> > [root@dhcp-141-104 root]# sieveshell --user=test localhost
> > connecting to localhost
> > Please enter your password:****
> > nable to connect to server: Authentication error at /usr/bin/sieveshell
> > line 170, <STDIN> line 1.
> > [root@dhcp-141-104 root]#
> >
> > /var/log/messages shows:
> >
> > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open
> > /etc/sasldb2: gdbm_errno=3
> > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: Could not open
> > /etc/sasldb2: gdbm_errno=3
> > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: no secret in database
> > Feb 11 15:48:55 dhcp-141-104 timsieved[12953]: badlogin:
> > localhost.localdomain[127.0.0.1] DIGEST-MD5 authentication failure
> >
> > Any ideas what I did wrong or is it a new 'feature'?
> > Thanks!
> 
> The problem is that timsieved is advertising DIGEST and CRAM, which
> sieveshell will try to use before any plaintext mechanism.  An --auth
> option needs to be added to sieveshell (like cyradm) to get around
> this.  I plan on looking into this.
> 
> If you don't need shared secret mechanisms for any part of your Cyrus
> installation, you can either remove these plugins from /usr/lib/sasl2 or
> add 'sasl_mech_list: plain' to imapd.conf.

Thank you very much! It works again. I also tried listing different
mechs with PLAIN first, but it does not check them in the listed order,
so I really have only PLAIN now, which is okay for me.

I still don't really understand the SASL thing. Since I'm using PAM for
authentication it seems that it is only one more layer between the
application and PAM. The PLAIN mech is not a problem for me since I have
a sealed server, right? If I configure PAM to use a remote LDAP server
with TLS, I should also be secure concerning the network wire. Or am I
missing something very important here?

Simon

> 
> Ken
> --
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
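
An added example, not part of the original mails or of Cyrus: a small Python check for the mismatch Ken describes, where timsieved advertises shared-secret mechanisms that a saslauthd/PAM setup has no secret for. The function names are hypothetical, and the second greeting is a constructed sample of what the server is assumed to advertise once `sasl_mech_list: plain` is set.

```python
import re

# Mechanisms that need a per-user shared secret on the server (e.g. sasldb2);
# a password verifier such as saslauthd/PAM cannot complete them.
SHARED_SECRET = {"DIGEST-MD5", "CRAM-MD5"}
PLAINTEXT = {"PLAIN", "LOGIN"}  # send the password itself

# Greeting quoted in the thread, including the folded "SIEVE" line.
BANNER_THREAD = '''"IMPLEMENTATION" "Cyrus timsieved v1.1.0"
"SASL" "DIGEST-MD5 CRAM-MD5 PLAIN LOGIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
regex"
"STARTTLS"
OK'''

# Constructed sample: assumed greeting once 'sasl_mech_list: plain' is set.
BANNER_PLAIN_ONLY = '''"IMPLEMENTATION" "Cyrus timsieved v1.1.0"
"SASL" "PLAIN"
"STARTTLS"
OK'''

def parse_capabilities(banner):
    """Turn greeting lines of the form "NAME" "value" into a dict."""
    text = re.sub(r'\n(?!"|OK)', " ", banner.strip())  # undo line folding
    caps = {}
    for line in text.splitlines():
        fields = re.findall(r'"([^"]*)"', line)
        if fields:
            caps[fields[0].upper()] = fields[1] if len(fields) > 1 else ""
    return caps

def audit(banner):
    """Return (mechanisms, findings) for a server that verifies via saslauthd."""
    caps = parse_capabilities(banner)
    mechs = caps.get("SASL", "").upper().split()
    findings = []
    unusable = [m for m in mechs if m in SHARED_SECRET]
    if unusable:
        findings.append("no shared secret available for: " + " ".join(unusable))
    if any(m in PLAINTEXT for m in mechs) and "STARTTLS" not in caps:
        findings.append("plaintext mechanism offered without STARTTLS")
    return mechs, findings

if __name__ == "__main__":
    for name, banner in (("thread", BANNER_THREAD), ("plain only", BANNER_PLAIN_ONLY)):
        print(name, audit(banner))
```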

