Cyrus SASL Authentication [CLOSED]

All questions about cyrus-imap used by artica

Cyrus SASL Authentication [CLOSED]

New postby EmiteAves » Sun Feb 20, 2011 12:20 pm

Hello,

as I see, Artica provides only plain-text authentication with TLS for now?

Code: Select all
Feb 20 10:28:21 Debian cyrus/imap[13009]: accepted connection
Feb 20 10:28:21 Debian cyrus/imap[13009]: STARTTLS negotiation failed: xxx [xx.xx.xx.xx]
Feb 20 10:28:21 Debian cyrus/imap[13009]: Connection reset by peer, closing connection
Feb 20 10:28:23 Debian cyrus/imap[13007]: accepted connection
Feb 20 10:28:24 Debian cyrus/imap[13007]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Feb 20 10:28:24 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] plain [SASL(-13): authentication failure: Password verification failed]
Feb 20 10:28:27 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] login [SASL(-13): authentication failure: checkpass failed]
Feb 20 10:28:30 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] plaintext stasik SASL(-13): authentication failure: checkpass failed
Feb 20 10:28:33 Debian cyrus/imap[13002]: accepted connection
Feb 20 10:28:33 Debian cyrus/imap[13002]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Feb 20 10:28:33 Debian cyrus/imap[13002]: login: xxx [xx.xx.xx.xx] user@dexample.com plain+TLS User logged in

(This happens when I try to add CRAM-MD5, DIGEST-MD5 PLAIN to /etc/default/saslauthd)

The time-stamps show, that the it goes through all possible types and ends with PLAIN.
Artica is already using SASL, is it possible to add these authentication methods? cyrus -> auxprop -> /etc/sasldb (with cyrus reading sasldb), then ALL mechanisms are supported.

For example iPad and MacOSX refuse to use automatically use Plaintext (APOP) and you need to change it manually, which is pretty nasty for some users.

Authentication Recommendations by CyrusIMAP.org
If you are running a mail server on a single machine, we recommend that you configure the system to use CRAM-MD5 or DIGEST-MD5.


I do not know how Artica+Zarafa are handling that, but I think this is a good intent.

Kind regards
EmiteAves
 
Posts: 53
Joined: Sun Feb 20, 2011 11:50 am
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Cyrus SASL Authentication

New postby admin » Sun Feb 20, 2011 2:16 pm

I will add these option but it took time because, i need to tranform it to a form in the Artica interface.
I will ping you when the feature will be available.
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Cyrus SASL Authentication

New postby EmiteAves » Thu Mar 03, 2011 7:31 am

Hello,

There is a How-To and one site in French, maybe this will help you finishing this request more quickly.

The main problem is, that mobile clients can't use Artica with their devices - without the need to adjust settings (Password-Authentication) and for some iPhone2g or Nokia users its a mess. Would really appreciate this feature.

Btw. I spoke to the maintainer of Zarafa - they only support Plain-Text+TLS for unknown reasons.

Regards.
EmiteAves
 
Posts: 53
Joined: Sun Feb 20, 2011 11:50 am
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: Cyrus SASL Authentication

New postby admin » Thu Mar 03, 2011 12:29 pm

Many thanks

I will add the feature before end of this week
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Cyrus SASL Authentication

New postby admin » Thu Mar 03, 2011 11:50 pm

On the 1.5.030400 version you will be able to add different mechanisms that changes the /etc/imapd.conf file.

2011-03-04_004652.png
2011-03-04_004652.png (64.87 KiB) Viewed 5955 times


I have read in some wikis there is some incompatibilities with cram/digest using ldap backend.
These post has been written in 2005.. perhaps something changed since this date.
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: Cyrus SASL Authentication

New postby EmiteAves » Sat Mar 05, 2011 2:00 pm

For now I can confirm that DIGEST-MD5 + TLS is working. Thank you for adding this feature. I will test this during this day!
EmiteAves
 
Posts: 53
Joined: Sun Feb 20, 2011 11:50 am
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee


Return to Cyrus-imap

Who is online

Users browsing this forum: No registered users and 1 guest

cron