Luca Olivetti wrote:
>
> Marco Colombo wrote:
>
> > There's no AUTH=xxx entry, so there are *no* available mechs at this
> > point. AFAIK, unsafe mechs (the ones that send passwords in cleartext
> > over the net) are disabled by default. They're enabled if the client
> > requests a TLS connection via STARTTLS.
>
> Thanks, you're right, if I use -s or -t it works.

Sorry, I forgot to mention this.

> What's strange is that now I RTFM and put an "allowplaintext: yes" (also
> tried "allowplaintext: true") in imapd.conf (not a security problem
> since it accepts plaintext connections only from localhost) and still it
> doesn't advertise AUTH=PLAIN:

This option only affects protocol-specific plaintext login commands
(IMAP LOGIN, POP3 USER/PASS), not SASL. You'll notice that if you set
"allowplaintext: no", you see the LOGINDISABLED capability in IMAP, and
USER will not be a POP3 capability.

> $ telnet localhost imap
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> * OK saturn.wetron.local Cyrus IMAP4 v2.1.12-Mandrake-RPM-2.1.12-1mdk
> server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT
> LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE
> 1 OK Completed
> 2 logout
> * BYE LOGOUT received
> 2 OK Completed
> Connection closed by foreign host.
>
> Of course I restarted master after editing imapd.conf
> I also tried adding "sasl_miminum_layer: 0" but that changed nothing
> (and it should be the default).
>
> [....]
> > $ cyradm --authz marco --user cyrus localhost
> > Password:
> > devel.ESI> lm
> > INBOX (\HasChildren) INBOX.test2 (\HasNoChildren)
> > INBOX.test (\HasNoChildren)
> > devel.ESI> quit
> >
> > Again, the password I typed was the one of 'cyrus', yet:
> >
> > Mar 19 10:36:07 devel imapd[31845]: login: devel.ESI[127.0.0.1] marco SRP User
> > logged in
> >
> > I wasn't able to test PLAIN, because I don't know how to tell cyradm
> > to use TLS.
>
> It seems there isn't a documented way.

This is correct.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
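Added example, not part of the original message or of Cyrus itself: a small Python check that reads a CAPABILITY response like the one quoted above and reports which password-carrying commands the server offers before TLS is active. The function names and the second sample line are constructed for illustration.

```python
import re

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechs that send the password itself

# CAPABILITY response quoted in the message above, unwrapped onto one line.
POSTED = ("* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
          "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
          "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT "
          "LIST-SUBSCRIBED ANNOTATEMORE X-NETSCAPE")
# Constructed sample (assumption): a server running with "allowplaintext: no".
CONSTRUCTED = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5"

def parse_capability(line):
    """Return the upper-cased capability atoms from '* CAPABILITY ...'
    or from a '[CAPABILITY ...]' response code in a greeting."""
    m = re.search(r"\bCAPABILITY\b([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        raise ValueError("no CAPABILITY data in line")
    return {atom.upper() for atom in m.group(1).split()}

def auth_summary(caps):
    """Split the capability set into the pieces that matter for logins."""
    mechs = sorted(c[5:] for c in caps if c.startswith("AUTH="))
    return {
        "sasl_mechs": mechs,                                  # AUTH=xxx entries
        "plaintext_sasl": sorted(PLAINTEXT_SASL.intersection(mechs)),
        "login_command": "LOGINDISABLED" not in caps,         # IMAP LOGIN usable
        "starttls": "STARTTLS" in caps,
    }

def cleartext_findings(caps, tls_active):
    """List the ways a password could cross the wire unencrypted right now."""
    s = auth_summary(caps)
    findings = []
    if not tls_active:
        if s["login_command"]:
            findings.append("IMAP LOGIN accepted without TLS")
        for mech in s["plaintext_sasl"]:
            findings.append("AUTH=%s offered without TLS" % mech)
        if not s["starttls"]:
            findings.append("STARTTLS not offered")
    return findings

if __name__ == "__main__":
    for name, line in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        caps = parse_capability(line)
        print(name, auth_summary(caps), cleartext_findings(caps, tls_active=False))
```

On the posted response this reports no SASL mechanisms and one finding, the LOGIN command being usable without TLS, which matches the explanation that "allowplaintext" governs LOGIN rather than the AUTH= list.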