Score:0

Proxy authentication in cyrus with SASL and kerberos

mx flag

I am trying to enable proxy authentication in cyrus + SASL, i.e authenticating as the admin user cyrus but with the access rights of any other user, e.g. peter (as described here). I am trying with

imtest -a cyrus -u peter -m plain -t "" localhost

but it fails with S: A01 NO no mechanism available. In the cyrus service log I see this entry:

badlogin: localhost [::1] PLAIN (peter) [SASL(-4): no mechanisms available: Unable to find a callback: 32773]

When I use -u cyrus in the above command, it works, which means that cyrus accepts the PLAIN mechanism which is apparently needed for proxy authentication.

Relevant options in /etc/imapd.conf:

allowplaintext: yes
proxyservers: cyrus
sasl_mech_list: GSSAPI PLAIN LOGIN DIGEST-MD5
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: gssapiv2

saslauthd is using kerberos as authentication source which is run by a samba server. Do I somehow need to allow proxy authorization in samba? I found some references regarding OpenLDAP servers, but I was not able to transfer them to my situation.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.