On Sat, Oct 05, 2002 at 12:53:46PM -0400, Ken Murchison wrote: > Quoting Matt Bernstein <[EMAIL PROTECTED]>: > > > At 09:24 -0400 Ken Murchison wrote: > > > > >> Telnet-ing to port 2000 gives me: > > >> > > >> "IMPLEMENTATION" "Cyrus timsieved v1.1.0" > > >> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > > >> relational regex" > > >> OK > > >> > > >> ..and "STARTTLS" if I configure it. But there's no "SASL" line. > > > > >I'm guessing that one of two things is happening: > > > > > >1. you have allowplaintext:no in imapd.conf > > > > nope :) In fact I'd even tried explicitly "allowplaintext: yes". > > > > >2. you installed SASL in a non-default location and Cyrus can't find the > > >plugins. If you do: > > > > > >imtest -t '' -a <user> -u <user> <server> > > > > [mangled by pine justifying my middle button paste :)] > > > > S: * OK vicar Cyrus IMAP4 v2.1.9 server ready > > C: C01 CAPABILITY > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT > > LIST-SUBSCRIBED ANNOTATEMORE > > S: C01 OK Completed > > C: S01 STARTTLS > > S: S01 OK Begin TLS negotiation now > > verify error:num=19:self signed certificate in certificate chain > > TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) > > C: C01 CAPABILITY > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=LOGIN > > AUTH=PLAIN LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > > S: C01 OK Completed > > C: A01 AUTHENTICATE LOGIN > > S: + VXNlcm5hbWU6 > > > > >what mechs are listed? I'm guessing none. If this is the case, either link > > > > >your SASL plugins directory to /usr/lib/sasl2 or rebuild Cyrus using the > > >--with-sasl option. FYI, the reason that IMAP and POP3 both work is that > > they > > >each have their own plaintext login commands (LOGIN and USER/PASS > > >respectively), which don't depend on SASL plugins. > > > > I've got AUTHENTICATE PLAIN working on imapd as it's used to presubscribe > > our new accounts to a couple of folders we create. > > > > I have /usr/lib/sasl2 -> ../local/lib/sasl2, in which live seemingly the > > right things. > > Hmm. You shot me down on both common problems. You only see this problem with > timsieved? What about lmtpd?
I've been following this thread and have timsieved from cyrus 2.1.9 working fine myself. A few things nag me about the imtest capture from above. Previously it was said that only PLAIN and LOGIN mechs are allowed based on the imapd.conf line: sasl_mech_list: plain login. But if you look at the imtest dump the AUTH=LOGIN AUTH=PLAIN mechs aren't shown until _after_ the TLS negotiation takes place. To me this indicates that PLAIN and LOGIN are not allowed unless they're under the TLS/SSL layer. I also noticed that sasl_minimum_layer: 1 was set in the imapd.conf. I don't recall but doesn't that exclude PLAIN and LOGIN unless they are under SSL/TLS? It might be interesting to see if timesieved shows a SASL line after TLS/SSL negotiation is done. Or try setting sasl_minimum_layer: 0 and see if the SASL line shows up in timesieved prior to TLS/SSL negotiation. Just some wild thoughts. -- Scott Russell ([EMAIL PROTECTED]) Linux Technology Center, System Admin, RHCE. Dial 877-735-8200 then ask for 919-543-9289 (TTY)
