Christiano Anderson wrote:By the way, I tested the ldap auxprop plugin and it does not work for Cyrus-imap 2.2.2 cvs.
I am installing a Cyrus box with the following configuration:
Machine: Dual Xeon 2GHz, 1Gb RAM
System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
Authentication: LDAP
I have created a cyrus user under LDAP directory and the PAM modules has been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p [hidden]" I get a Sucess status, however, a "cyradm -u cyrus localhost" doesn't work.
This is because cyradm will pick the most secure authentication mechanism that the server advertises (e.g. DIGEST-MD5), and all of the non-plaintext mechanisms require that you have the user's secret stored in an auxprop plugin backend (e.g. sasldb). If you only want to use plaintext passwords via saslauthd, set your imapd.conf options to:
sasl_mech_list: PLAIN LOGIN sasl_pwcheck_method: saslauthd
Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would allow you use any SASL mech with your LDAP installation.
The funny thing is that with the same setup (minus the "sasl_" in imapd.conf) I can
authenticate with Postfix. Anyone had any success with that ? I know is more like a cyrus-sasl
problem, but as I said Postfix works in the same scenario.
mitu
