On Friday 29 August 2003 07:51, Nikola Milutinovic wrote: Hi Nikola,
> Why BOTH pwcheck and saslauthd? good question ;) ... I tried almost everything to get this working what I want. Normally I don't enable this. > Strange. Why is it NOT showing "GSSAPI" (Kerberos 5)? I don't have kerberos headers installed, so I assume the configure script did not detect it, so ... :) > Anyway, this could easily be caused by "Minimum SSF" setting in the config > file. "PLAIN" and "LOGIN" are just unsecure methods, doing no encryption > and, thus, their SSF (Security Strength Factor) is 0. It could be that your > IMAP server is simply refusing to list and accept those mechs. Try the same > thing over TLS: > ./imtest -u mcp -a mcp -m login -v -t "" I tried to set SSF to 0, no change. Yes, and above works if I use it over TLS. I enabled this this night, after I wrote my mail to the list. Anyway, I cannot use CRAM-MD5 :( Aug 29 11:08:42 codeman imapd[2718]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication Aug 29 11:08:44 codeman imapd[2718]: no secret in database Aug 29 11:08:44 codeman imapd[2718]: badlogin: localhost[127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] The user has an entry in sasldb2, but only userPassword. > Is "saslauthd" running? yes. Anyway, it seems the compilation went nuts. After my $X compilation, imapd is able to connect to saslauthd socket. > "saslauthd" and "*-MD5" methods are incompatible, unless they will use > sasldb. MD5 methods MUST have access to locally stored shared secret > (password). At this time it can be in sasldb only (no MySQL). yes, but the problem is, I cannot use anything higher than PLAIN/LOGIN. Always this error: Aug 29 11:08:42 codeman imapd[2718]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication Aug 29 11:08:44 codeman imapd[2718]: no secret in database Aug 29 11:08:44 codeman imapd[2718]: badlogin: localhost[127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] -- ciao, Marc
