[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: imap4d: unable to connect via TLS
From: |
Sergey Poznyakoff |
Subject: |
Re: imap4d: unable to connect via TLS |
Date: |
Fri, 18 Feb 2022 16:44:14 +0100 |
User-agent: |
MH (GNU Mailutils 3.13.90) |
Hi Maurizio,
> It seems to occur in the authentication phase.
>
> I attached 2 syslog snippets obtained with 'transcript yes':
Thanks, that clarified the picture. You have forgotten to mention that
you were using PLAIN. I was able to reproduce the bug when I switched
to it. I have fixed the bug in commit 6f0dfc97a0[1].
> - auth_cram-md5.log is the result of two authentication attempt in "encrypted"
> mode: the client reports that password wasn't accepted and I tried to input
> it a second time, then I cancelled the attempt.
As a matter of fact it was the *server* that reported that
authentication didn't succeed, because it (the server) "wasn't able to
get the password". Let me explain. CRAM-MD5 (as well as DIGEST-MD5 and
others) requires that the user password be kept on the server in
*unencrypted* form. As such, these authentication types cannot use
system user database, PAM, or the like. To use these authentication
types, you will have to keep user names and their corresponding
cleartext passwords in a separate file or in an SQL database.
You will need to apply the patch above, no matter what auth type you
use.
Regards,
Sergey
[1]
https://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=6f0dfc97a0484029d8719cd6fd629fa7f4af814c