Re: SASL 2.1.27

Thanks Sergey, these have been corrected and should update automatically in the next 15 minutes or so :) On Sun, Nov 25, 2018, at 11:14 PM, Sergey wrote: > On Tuesday 20 November 2018, Ken Murchison wrote: > > > I'm pleased to announce the release of the long-awaited SASL 2.1

Re: SASL 2.1.27

On Tuesday 20 November 2018, Ken Murchison wrote: > I'm pleased to announce the release of the long-awaited SASL 2.1.27 > which can be downloaded from here: Thanks. But I have one question and one note. https://github.com/cyrusimap/cyrus-sasl is not updated as I see, or the sourc

SASL 2.1.27

All, I'm pleased to announce the release of the long-awaited SASL 2.1.27 which can be downloaded from here: * HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig * FTP: ftp://ftp.cyrusimap.org/

Re: SASL minimum layer used to work at 256, but now requires 1 [Resolved]

I just thought I would answer my own email in case anyone else has the same setup. I found out there is obviously some type of bug in the -23 versions of the SASL packages so they just won't work. Once reverting to the -20 or -21 versions, everything works great. My suspicion about the faulty

SASL minimum layer used to work at 256, but now requires 1

I recently upgraded a CentOS 7 Cyrus 2.4.17 system with Murder and Kerberos and ran into lots of issues with the new packages. What's really puzzling though is although I used to be able to use a SASL minimum layer of 256 (I'm using TLS with GSSAPI for auth), I now must use 1 for the

SASL 2.1.27 rc8

All, I have built a eighth (and hopefully last) release candidate of SASL 2.1.27 which can be downloaded from here: * HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc8.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc8.tar.gz.sig * FTP: ftp

SASL 2.1.27 rc7

All, I have built a seventh (and hopefully last) release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig FTP: ftp://ftp.cyrusimap.org/cyrus

Re: SASL 2.1.27 rc6

Ken, I'll try to lab up my original test case (for bug 3480) tomorrow evening. On 12/20/17 11:00 -0500, Ken Murchison wrote: We haven't had much, if any, feedback on this release candidate. Do the GSSAPI/LDAP folks have any further comments on https://github.com/cyrusimap/cyrus-s

Re: SASL 2.1.27 rc6

We haven't had much, if any, feedback on this release candidate. Do the GSSAPI/LDAP folks have any further comments on https://github.com/cyrusimap/cyrus-sasl/issues/419 I'd really like to make a final release by Christmas as promised, but I also don't want to make a release

SASL 2.1.27 rc6

All, I have built a sixth (and hopefully last) release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz.sig FTP: ftp://ftp.cyrusimap.org/cyrus

RE: SASL 2.1.27 rc5

, "cyrus-de...@lists.andrew.cmu.edu cyrus-devel" Subject: SASL 2.1.27 rc5 All, I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc5.t

SASL 2.1.27 rc5

All, I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc5.tar.gz [MD5: 0e4ab034e93933ae7e4891b6ff58694f] http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc5.tar.gz.sig [MD5

Re: SASL login as another user - unexpected behavior on cyrus 2.4.17

.com domain > only, as> expected. > > Let suppose the Cyrus-IMAPD server stores also accounts for other > domains, such as example2.com domain. > > Well, I see that I can SASL PLAIN login using ad...@example.com on > example2.com accounts too, if I know their names. I can&#x

SASL login as another user - unexpected behavior on cyrus 2.4.17

accounts for other domains, such as example2.com domain. Well, I see that I can SASL PLAIN login using ad...@example.com on example2.com accounts too, if I know their names. I can't understand why this could happen. It seems a security issue. Is there a way to prevent this issue wi

Re: SASL 2.1.27 rc4

Thanks Jakub! On 09/12/2017 11:22 AM, Jakub Jelen wrote: On Mon, 2017-09-11 at 09:58 -0400, Ken Murchison wrote: All, I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc4.tar.gz https

SASL 2.1.27 rc4

All, I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc4.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc4.tar.gz.sig ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc4.tar.gz

SASL 2.1.27 rc3

All, I have built a third release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27rc3.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27rc3.tar.gz.sig FTP: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27rc3

SASL 2.1.27 rc2

All, I have built a second release candidate of SASL 2.1.27 which can be downloaded from here: HTTP: https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc2.tar.gz https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc2.tar.gz.sig FTP: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27

Re: Problems with paragraph characters in SASL passwords?

On 27.05.2017 15:48, Adam Tauno Williams wrote: > On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote: >>> I am very happy with Cyrus imapd since many years. I am using it to >>> host all IMAP mail boxes of my company. I am using SASL and its >>> tools (ma

Re: Problems with paragraph characters in SASL passwords?

On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote: > > I am very happy with Cyrus imapd since many years. I am using it to > > host all IMAP mail boxes of my company. I am using SASL and its > > tools (mainly saslpasswd2) for password management. The primary > > IM

Re: Problems with paragraph characters in SASL passwords?

On 05/27/2017 09:43 AM, Binarus wrote: Dear all, I am very happy with Cyrus imapd since many years. I am using it to host all IMAP mail boxes of my company. I am using SASL and its tools (mainly saslpasswd2) for password management. The primary IMAP client in the company is Thunderbird

Problems with paragraph characters in SASL passwords?

Dear all, I am very happy with Cyrus imapd since many years. I am using it to host all IMAP mail boxes of my company. I am using SASL and its tools (mainly saslpasswd2) for password management. The primary IMAP client in the company is Thunderbird. Recently, I have decided to replace all IMAP

Re: Some cyrus-sasl questions

On 09/29/14 17:44 -0500, Patrick Goetz wrote: >Hi - > >I've been setting up some new servers and wanted to revisit and optimize >my cyrus-sasl configuration. I couldn't find answers to these questions >anywhere in the documentation or online, but figured this list woul

Some cyrus-sasl questions

Hi - I've been setting up some new servers and wanted to revisit and optimize my cyrus-sasl configuration. I couldn't find answers to these questions anywhere in the documentation or online, but figured this list would know. Ironically, the postfix documentation for using s

Re: About Cyrus IMAP 2.3.18 and Cyrus SASL 2.1.25

Hi Bron, Thank you so much for your answer. Same for Cyrus sasl 2.1.25?. Best regards, El 07/08/2014, a las 10:32, Bron Gondwana escribió: > We did a security release for 2.2 as well last time. It would depend on the > scope of the issue I suspect. If it's easy to fix, then w

Re: About Cyrus IMAP 2.3.18 and Cyrus SASL 2.1.25

We did a security release for 2.2 as well last time. It would depend on the scope of the issue I suspect. If it's easy to fix, then we'd fix 2.2 - if it's an architectural thing that's hard to backport, we'd dump 2.2. Bron. On Thu, Aug 7, 2014, at 09:54 AM, OBATA Akio wrote: > Following infor

Re: About Cyrus IMAP 2.3.18 and Cyrus SASL 2.1.25

Following information is out date? http://www.cyrusimap.org/mediawiki/index.php/Downloads#IMAP_Server "The 2.0 and 2.1 series have been deprecated, and are no longer supported. ", but unclear about 2.2.x series, still maintained in git repo but no release plan? or already not maintained anymore t

Re: About Cyrus IMAP 2.3.18 and Cyrus SASL 2.1.25

Yes, I think for IMAP 2.3.18 we will keep doing security updates for a while yet. Bron. On Wed, Aug 6, 2014, at 07:20 PM, Egoitz Aurrekoetxea wrote: > Good morning, > > Are this versions still maintained at least for security updates?. They both > work like a charm in all sense and we’re happy

About Cyrus IMAP 2.3.18 and Cyrus SASL 2.1.25

Good morning, Are this versions still maintained at least for security updates?. They both work like a charm in all sense and we’re happy with them for the moment. So we are wondering if some security issue appears the will still be updated?. Best regards, Cyrus Home Page: http://www.cyrus

Re: imapd + sasl + ldapdb problems

tanding the options right, is there a >> good explanation for what sasl_ldapdb_canon_attr does? I'm not quite >> sure that I understand its purpose. > > sasl_ldapdb_canon_attr will be the resolved identity that sasl hands back > to cyrus. The identity will be used to find

Re: imapd + sasl + ldapdb problems

hat sasl_ldapdb_canon_attr does? I'm not quite >sure that I understand its purpose. sasl_ldapdb_canon_attr will be the resolved identity that sasl hands back to cyrus. The identity will be used to find the user's INBOX. Having a default domain complicates things a bit (and you may have to experiment

Re: imapd + sasl + ldapdb problems

upported > >imap[16385]: auxpropfunc error no mechanism available > >imap[16385]: unable to canonify user and get auxprops > >imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-1): > >generic failure: unable to canonify user and get auxprops] > > You'll nee

Re: imapd + sasl + ldapdb problems

t;sasl_canonuser_add_plugin(): invalid parameter supplied >imap[16385]: SQL engine 'mysql' not supported >imap[16385]: auxpropfunc error no mechanism available >imap[16385]: unable to canonify user and get auxprops >imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL

imapd + sasl + ldapdb problems

#x27; not supported imap[16385]: auxpropfunc error no mechanism available imap[16385]: unable to canonify user and get auxprops imap[16385]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-1): generic failure: unable to canonify user and get auxprops] I tracked down the ldapdb_canonuse

Re: Postfix + Cyrus Sasl problem

On Wed, 18 Dec 2013, Eric Abreu Alamo wrote:  Hello all:   Recently I have been trying to install and configure Postfix + Cyrus + Sasl auth (with smtp auth) and i found the following problem. I have installed and configured Cyrus, Postfix and Sasl, and everything is right until smtp auth

Re: Postfix + Cyrus Sasl problem

On 12/18/13 16:25 -0500, Eric Abreu Alamo wrote: > Hello all: >  >Recently I have been trying to install and configure Postfix + Cyrus + >Sasl auth (with smtp auth) and i found the following problem. I have >installed and configured Cyrus, Postfix and Sasl, and everything is right &

Postfix + Cyrus Sasl problem

 Hello all:   Recently I have been trying to install and configure Postfix + Cyrus + Sasl auth (with smtp auth) and i found the following problem. I have installed and configured Cyrus, Postfix and Sasl, and everything is right until smtp auth. When I edit the /etc/default/saslauthd file and I

IP based Restrictions within SASL

kind of application. Can this be done within cyrus. ( probably cyrus sasl ) Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyrus-imapd server, sasl client and "encoded packet size too big (4156 > 4096)"

Hello all, We are modernizing our Cyrus IMAP server, and are using cyrus sasl 2.1.26 and imap server 2.4.17. We are using Kerberos (GSSAPI) for authenticating the different parts to each other, such as the proxy to the imapd, imapds to each other, and such. We often get "encoded packet siz

Cyrus SASL 2.1.26 Released

I'd like to announce the release of Cyrus SASL 2.1.26 on ftp.cyrusimap.org Major changes in Cyrus SASL 2.1.26: * Modernize SASL malloc/realloc callback prototypes * Added sasl_config_done() to plug a memory leak when using an application specific config file * Fixed PLAIN/LOGIN authentic

Cyrus SASL 2.1.26 Released

I'd like to announce the release of Cyrus SASL 2.1.26 on ftp.cyrusimap.org Major changes in Cyrus SASL 2.1.26: * Modernize SASL malloc/realloc callback prototypes * Added sasl_config_done() to plug a memory leak when using an application specific config file * Fixed PLAIN/LOGIN authentic

Re: Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

two >servers, unless your authentication database is network enabled, i.e. SQL >or LDAP. > >Postfix can be configured to use cyrus sasl for smtp authentication (see >saslfinger), On your Postfix server, for smtp authentication, you could use saslauthd's rimap backend, which would

Re: Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

ve roaming users with email clients. As Andy pointed out, you may need to sync your authentication database between the two servers, unless your authentication database is network enabled, i.e. SQL or LDAP. Postfix can be configured to use cyrus sasl for smtp authentication (see saslfing

Re: Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

One more point. Can't one authenticate with saslauthd running on a remote machine? So, could I: InternetDMZ Internal = == mail -> Postfix -> lmtp ^| |

Re: Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

I was hoping postfix could be configured to blindly forward to lmtp and let lmtp authenticate. I lost a dual sendmail configuration where mail was received in the DMZ and then forwarded to a sendmail internal. Perhaps I'm approaching this entirely wrong. On 11/4/2012 10:09 AM, Andrew Morgan

Re: Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

On Sun, 4 Nov 2012, Dale J Chatham wrote: > my intent it so have postfix in the DMZ delivering to cyrus lmtp and > cyrus internal. > > I'd like to not have to have a map of users, but to use ideally sasldb > to determine users and passwords, but pam if necessary. I'd rather use > stock packages a

Help with cyrus-imapd, cyrus-sasl, postfix and lmtp

my intent it so have postfix in the DMZ delivering to cyrus lmtp and cyrus internal. I'd like to not have to have a map of users, but to use ideally sasldb to determine users and passwords, but pam if necessary. I'd rather use stock packages and avoid compiling from scratch. Distro is centos

Re: cyrus sasl Password lock after n failed attempts

On Fri, Oct 12, 2012 at 04:54:12PM +1030, Daniel O'Connor wrote: > > On 12/10/2012, at 15:21, Ram wrote: > > Of late I have seen lots of attempts at getting in weak weak > > passwords. Is there a way I can implement password lock out within > > cyrus if there are more than n consecutive bad atte

Re: cyrus sasl Password lock after n failed attempts

On 12/10/2012, at 15:21, Ram wrote: > Off late I have seen lots of attempts at getting in weak weak passwords. > Is there a way I can implement password lock out within cyrus if there > are more than n consecutive bad attempts I think a feature like this is likely to result in a denial of ser

Re: cyrus sasl Password lock after n failed attempts

bad attempts I am not aware of a sasl specific way to lock out accounts automatically. If your ldap server is OpenLDAP, see slapo-ppolicy(5). Other approaches include logcheck, pam_tally, and (linux specific): http://www.debian-administration.org/articles/187 -- Dan White Cyr

cyrus sasl Password lock after n failed attempts

Hi I am using cyrus saslauthd with pam_ldap for authentication. Off late I have seen lots of attempts at getting in weak weak passwords. Is there a way I can implement password lock out within cyrus if there are more than n consecutive bad attempts Cyrus Home Page: http://www.cyrusimap.or

Re: SASL and default domain

On 12-08-20 03:29 PM, Dan White wrote: > On 08/19/12 19:39 -0400, brian wrote: >> I'm having some trouble configuring SASL for a new server. Specifically, >> it seems, with realms. I'm now at the point where imtest works with the >> virtual domains but not with the

Re: SASL and default domain

On 08/19/12 19:39 -0400, brian wrote: >I'm having some trouble configuring SASL for a new server. Specifically, >it seems, with realms. I'm now at the point where imtest works with the >virtual domains but not with the default domain. > >I'm using sasldb through au

Re: SASL and default domain

On 12-08-20 09:43 AM, Andrew Morgan wrote: > > Does it work if you use: > > imtest -v -m plain -a user -r DEFAULT.TLD localhost No, it does not. Same result, same msg in logs. I had tried that as well as: imtest -v -m plain -a user -r poseidon.DEFAULT.TLD localhost imtest -v -m plain -a user -r m

Re: SASL and default domain

On Sun, 19 Aug 2012, brian wrote: > I'm having some trouble configuring SASL for a new server. Specifically, > it seems, with realms. I'm now at the point where imtest works with the > virtual domains but not with the default domain. > > I'm using sasldb through au

SASL and default domain

I'm having some trouble configuring SASL for a new server. Specifically, it seems, with realms. I'm now at the point where imtest works with the virtual domains but not with the default domain. I'm using sasldb through auxprop. In the past I've always done: saslpasswd2 -c

Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

On Tue, June 19, 2012 3:55 pm, Dan White wrote: > On 06/19/12 11:17 +0200, Eric Luyten wrote: > >> Folks, >> >> >> >> (hitting the same wall over and over again when upgrading) >> >> >> >> Cyrus SASL is working/looking in /var/state

Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

On 06/19/12 11:17 +0200, Eric Luyten wrote: >Folks, > > >(hitting the same wall over and over again when upgrading) > > >Cyrus SASL is working/looking in /var/state/saslauthd all >right, but Cyrus 2.4 appears to be writing elsewhere, and >we cannot find out w

Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

On Tue, June 19, 2012 12:05 pm, Adam Tauno Williams wrote: > On Tue, 2012-06-19 at 11:17 +0200, Eric Luyten wrote: > >> (hitting the same wall over and over again when upgrading) >> Cyrus SASL is working/looking in /var/state/saslauthd all >> right, but Cyrus 2.4 appears

Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

On Tue, 2012-06-19 at 11:17 +0200, Eric Luyten wrote: > (hitting the same wall over and over again when upgrading) > Cyrus SASL is working/looking in /var/state/saslauthd all > right, but Cyrus 2.4 appears to be writing elsewhere, and > we cannot find out where exactly. Are you sure i

Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

Folks, (hitting the same wall over and over again when upgrading) Cyrus SASL is working/looking in /var/state/saslauthd all right, but Cyrus 2.4 appears to be writing elsewhere, and we cannot find out where exactly. Have tried 'saslauthd_path' option in /etc/imapd.conf to no avail

Re: testing sasl login

On 12-03-25 05:59 PM, brian wrote: > I'm having some trouble authenticating. I think it may involve the realm > but can't say for sure. Please excuse the noise. I had Postfix chrooted. I'm still confused about when the realm should be appended, though. But I'll post a new message about that. --

testing sasl login

--- 1 root sasl 12288 2012-03-25 15:34 /etc/sasldb2 $ grep -v '^#' /etc/default/saslauthd START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="sasldb" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/run/saslauthd" /etc

Cyrus SASL 2.1.25 Released

I'd like to announce the release of Cyrus SASL 2.1.25 on ftp.cyrusimap.org Major changes in Cyrus SASL 2.1.25: Added support for channel bindings Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. Allow DIGEST-M

Re: Cyrus IMAP and SASL on replicated machines

J. Pilfold-Bagwell wrote: > Hi All, > > I have a Cyrus box that I set up about 3 years ago that's been running > flawlessly. Recently though, as we're becoming increasingly reliant on > email, it was decided that we're going to set up a DRBD replicated system. > While I'm not trying to negate t

Re: Cyrus IMAP and SASL on replicated machines

I have a Cyrus box that I set up about 3 years ago that's been running flawlessly. Recently though, as we're becoming increasingly reliant on email, it was decided that we're going to set up a DRBD replicated system. The only question that's nagging is that of running Cyrus

Cyrus IMAP and SASL on replicated machines

Hi All, I have a Cyrus box that I set up about 3 years ago that's been running flawlessly. Recently though, as we're becoming increasingly reliant on email, it was decided that we're going to set up a DRBD replicated system. The only question that's nagging is that o

Re: cyrus imap realm moves but sasl stays put

lbox. > > Then I did > # saslpasswd2 -c ross > which created a ross@vm-migrate07 id in the sasldb. I was able to login > to imap, using an unqualified "ross" as my username. > > So the imap server acts as if the accounts formerly associated with > ross@vm-lenn

cyrus imap real moves but sasl stays put

to ross@vm-migrate07. In this case that's convenient, but I'm puzzled why it happened. sasl 2.1.22 with cyrus 2.2.13 on Debian Lenny. imapd.conf includes allowplaintext: yes sasl_minimum_layer: 0 loginrealms: vm-lenny00 vm-lenny00.kvm.lan sasl_pwcheck_method: auxprop No virtual domains

Re: sieve and SASL

> "IMPLEMENTATION" "Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el4" > "SASL" "PLAIN" > "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > "START

Re: sieve and SASL

"Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el6" > "SASL" "" > "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > "STARTTLS" > OK Is this with the default c

Re: sieve and SASL

gt; > "IMPLEMENTATION" "Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el6" > "SASL" "" > "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > "STARTT

Re: sieve and SASL

> >"IMPLEMENTATION" "Cyrus timsieved v2.4.8-Invoca-RPM-2.4.8-1.el6" >"SASL" "" >"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags >notify envelope relational regex subaddress copy" >"STARTTLS&quo

sieve and SASL

RPM-2.4.8-1.el6" "SASL" "" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK after SASL is "", which usually has; "SASL" "PLAIN

Re: SASL w/ Encrypted SQL Password Security (Comment, Suggestion and Possible Solution)

riele. -- Da: Raymond T. Sundland A: Dan White Cc: info-cyrus@lists.andrew.cmu.edu Data: 25 gennaio 2011 19.52.42 CET Oggetto: Re: SASL w/ Encrypted SQL Password Security (Comment, Suggestion and Possible Solution) Thanks for the explanation. Though, I would prefer some

Re: SASL w/ Encrypted SQL Password Security (Comment, Suggestion and Possible Solution)

#x27;s been at least 6 years since it's been common >>security practice to not store cleartext passwords in a database, why >>does SASL still require it?  Can't SASL be modified to accept >>some token from the SQL query that basically says, "yes the pas

Re: SASL w/ Encrypted SQL Password Security (Comment, Suggestion and Possible Solution)

On 25/01/11 12:48 -0500, Raymond T. Sundland wrote: >So given that it's been at least 6 years since it's been common >security practice to not store cleartext passwords in a database, why >does SASL still require it?  Can't SASL be modified to accept >so

SASL w/ Encrypted SQL Password Security (Comment, Suggestion and Possible Solution)

Maybe this isn't the correct list for this question as it has to do more with SASL, but I am setting up a new mail server on a new box.  This is my 4th iteration of "starting fresh" using Cyrus Imap with some sort of 3rd party database backend, using both

Re: Problems testing cyrus imap server (cyrus sasl + ldapdb plugin)

On 29/11/10 12:15 -0400, Fernando Torrez wrote: >I configured cyrus-imapd to authenticate through cyrus-sasl with ldapdb >auxprop. >I did all tests suggested on cyrus-imap, cyrus-sasl, and openldap >documentacions >but when trying with telnet command I got this error > &g

Problems testing cyrus imap server (cyrus sasl + ldapdb plugin)

Hi all I configured cyrus-imapd to authenticate through cyrus-sasl with ldapdb auxprop. I did all tests suggested on cyrus-imap, cyrus-sasl, and openldap documentacions but when trying with telnet command I got this error firewall:/usr/lib/sasl2 # telnet localhost imap Trying ::1... Connected

Re: Cyrus Postfix SASL Auth SMTP MySQL Always Authenticate multiple mech_list

d manipulating the MySQL to >always return true but this seems impossible. > >What I would like to know is how to use Cyrus SASL Auth redirection to >always authenticate the SMTP user regardless of username and password. > >My workaround for now is to use just 'plain

Cyrus Postfix SASL Auth SMTP MySQL Always Authenticate multiple mech_list

know is how to use Cyrus SASL Auth redirection to always authenticate the SMTP user regardless of username and password. My workaround for now is to use just 'plain' and this works quite well but I suspect Exchange server are reporting EHLO problems and I can see cram-md5 failures.

Re: Building cyrus sasl on solaris 10

Hi David, thanks a lot for you're answer finally I used cyrus sasl package from sunfreeware... and just compiled cyrus imapd and postfix but... I'm seeing performance issues... I think perhaps solaris, unless solaris 10 it's not the best OS for running a mail machine w

Re: Building cyrus sasl on solaris 10

Egoitz, Egoitz Aurrekoetxea wrote: > I'm trying to build a mail machine box with Postfix (cyrus saslauthd > authentication), cyrus sasl (with saslauthd) and cyrus-imap. The main > problem I'm finding for the moment is that when building cyrus sasl > plugins... onl

Re: Building cyrus sasl on solaris 10

make the warnings told before about libraries > and dlopen... That may be normal. > Any ideas please?... have tried too with --enable-static and > --enable-shared... but no way I can only speak for cyrus-sasl-2.1.22 under Solaris 10. If you are building a later version, somebod

Re: Building cyrus sasl on solaris 10

> > Any ideas please?... have tried too with --enable-static and > --enable-shared... but no way > > Bye! thanks!!! > > 2010/1/5 Gary Mills > > On Mon, Jan 04, 2010 at 11:25:01PM +0100, Egoitz Aurrekoetxea wrote: >> > >> >So is there any proced

Re: Building cyrus sasl on solaris 10

On Mon, Jan 04, 2010 at 11:25:01PM +0100, Egoitz Aurrekoetxea wrote: > >So is there any procedure for building this on Solaris 10?? I know >solaris comes with some parts of cyrus sasl library... but it's only >one part and it doesn't come with binaries li

Building cyrus sasl on solaris 10

Hi all!!, I'm trying to build a mail machine box with Postfix (cyrus saslauthd authentication), cyrus sasl (with saslauthd) and cyrus-imap. The main problem I'm finding for the moment is that when building cyrus sasl plugins... only static libraries are created for auth mechs causing

Re: Quick SASL question

On 16/11/09 16:39 -0400, Patrick Boutilier wrote: >I am setting up a murder environment in testing. The backends use >SASL with pam for imap/pop authentication. I have to configure a user >for "proxyservers" on the backends for the frontends to use. Is there >anyway to co

Quick SASL question

I am setting up a murder environment in testing. The backends use SASL with pam for imap/pop authentication. I have to configure a user for "proxyservers" on the backends for the frontends to use. Is there anyway to configure it so that the "proxyservers" user can be in /etc

Cyrus SASL 2.1.24 RC1 Released

I'd like to announce the release of Cyrus SASL 2.1.24 RC1 on ftp.andrew.cmu.edu. This release candidate includes numerous bugfixes and several minor feature enhancements. For a complete list, look at the NEWS file in the distribution. I'd like to get some independent testing of

Re: authid translation using SASL sql auxprop

Michael Ulitskiy wrote: > Hello, > > Is there a way in cyrus/sasl to transparently change user authid according to > result of some sql query? > I.e. I want that if user successfully authenticates as user 'john' to > transparently change his authid to user > 

authid translation using SASL sql auxprop

Hello, Is there a way in cyrus/sasl to transparently change user authid according to result of some sql query? I.e. I want that if user successfully authenticates as user 'john' to transparently change his authid to user 'jack' and so let him see user.jack as his INBOX. A

Cyrus Imapd with SASL, authenticate against AD Windows 2003 with Kerberos5

b "OU=Mitgliedsserver,OU=ACH,DC=Domain,DC=tld" -h acsv3k04.domain.tld description ldap_initialize( ldap://acsv3k04.domain.tld) SASL/GSSAPI authentication started SASL username: u...@domain.tld SASL SSF: 56 SASL data security layer installed. filter: (objectclass=*) requesting: des

Re: Cyrus IMAP SASL authentication failure

Thank you for your suggestions! I figured out what was the problem in my case. This was the OPTIONS setting in /etc/deafault/saslauthd. Since I run my Postfix chrooted I had: OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" In order for cyradm to identify users using I saslauthd, I also added

Re: Cyrus IMAP SASL authentication failure

Vladimir Vassiliev wrote, at 06/17/2009 09:02 AM: >> Here is an extract from my imapd.conf file: >> >> admins: cyrus >> imap_admins: cyrus >> sasl_mech_list: LOGIN >> sasl_minimum_layer: 1 >> sasl_maximum_layer: 256 >> sasl_pwcheck_method: saslauthd > > Maybe it's because of sasl_minimum_layer: 1

Re: Cyrus IMAP SASL authentication failure

> Here is an extract from my imapd.conf file: > > admins: cyrus > imap_admins: cyrus > sasl_mech_list: LOGIN > sasl_minimum_layer: 1 > sasl_maximum_layer: 256 > sasl_pwcheck_method: saslauthd Maybe it's because of sasl_minimum_layer: 1 LOGIN gives you no security layer. -- Vladimir Vassiliev

Cyrus IMAP SASL authentication failure

Hello, I have a problem with Cyrus IMAP SASL authentication. When I try to login to create Cyrus IMAP mailboxes, I see the following: $ cyradm --user cyrus --auth login localhost IMAP Password: Login failed: generic failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119 cyradm: cannot

Cyrus SASL 2.1.23 Released

I'd like to announce the release of Cyrus SASL 2.1.23 on ftp.andrew.cmu.edu. This version includes a fix for a potential buffer overflow in sasl_encode64() (see http://www.kb.cert.org/vuls/id/238019), otherwise it is identical to 2.1.22. Please note that while this fixes vulnerable code

cyrus-sasl pam mysql connections are not getting closed

I am using cyrus-sasl with pam mysql ( on Centos5) The mysql is on a remote server. After some time I find that there are too many connections to mysql open ( using netstat) I restart saslauthd but still these dont away How do I check what the mysql connection is being used for ? and how do I

  1   2   3   4   5   6   7   8   9   10   >