How can I configure Cyrus IMAP to submit a default realm to SASL?
Posted by piwi on Server Fault
Published on 2013-07-02T13:46:18Z
I have configured Postfix to work with SASL using plain text, where the former automatically submits a default realm to the latter when requesting authentication.
Assuming the domain name is example.com and the user is foo, here is how I configured it on my Debian system so far.
In the postfix configuration file /etc/main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
The SMTP configuration file /etc/postfix/smtpd.conf contains:
pwcheck_method: saslauthd
mech_list: PLAIN
The SASL daemon is configured with the sasldb mechanism in /etc/default/saslauthd:
MECHANISMS="sasldb"
The SASL database file contains a single user, shown by sasldblistusers2:
foo@example.com: userPassword
The authentication works well without having to provide a realm, as Postfix does that for me. However, I cannot find out how to tell the Cyrus IMAP daemon to do the same.
I created a user cyrus in my SASL database, which uses the realm of the host domain name, not example.com, for administrative purposes. I used this account to create a mailbox through cyradm for the user foo:
cm user.foo
IMAP is configured in /etc/imapd.conf this way:
allowplaintext: yes
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
servername: mail.example.com
If I enable cross-realm authentication (loginrealms: example.com), trying to authenticate using imtest works with these options:
imtest -m login -a foo@example.com localhost
However, I would like to be able to authenticate without having to specify the realm, like this:
imtest -m login -a foo localhost
I thought that using virtdomains (setting it either to userid or on) and defaultdomain: example.com would do just that, but I cannot get it to work.
I always end up with this error:
cyrus/imap[11012]: badlogin: localhost [127.0.0.1] plaintext foo SASL(-13): authentication failure: checkpass failed
What I understand is that cyrus-imapd never tries to submit the realm when trying to authenticate the user foo.
My question: how can I tell cyrus-imapd to send the domain name as the realm automatically?
Thanks for your insights!
© Server Fault or respective owner