[Bug 865] Changed - Using RPM builds, apache seg faults when IMP is used with a cyrus IMAP server

bugs@bugs.horde.org bugs@bugs.horde.org
Thu, 7 Feb 2002 20:54:38 -0400

Previous message: [Bug 867] Changed - Assumptions about how horde is mounted buried in files
Next message: [Bug 865] Changed - Using RPM builds, apache seg faults when IMP is used with a cyrus IMAP server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://bugs.horde.org/show_bug.cgi?id=865

*** shadow/865	Thu Feb  7 01:34:32 2002
--- shadow/865.tmp.5866	Thu Feb  7 20:54:38 2002
***************
*** 84,86 ****
--- 84,125 ----
  ------- Additional Comments From chuck@horde.org  02/07/02 01:34 -------
  You need to get a backtrace and report it as a PHP bug:
  http://bugs.php.net/bugs-generating-backtrace.php
+ 
+ ------- Additional Comments From chprasad@hotmail.com  02/07/02 20:54 -------
+ Problem:
+         IMPv3 was causing a coredump of apache when authenticating with cyrus.
+         It however worked fine with non cyrus imapd server.
+ 
+ Debugging:
+         I've captured the following  traces of imap conversation using tcpflow.
+ 
+         1) impv3-cyrus-failure.txt
+         2) impv3-noncyrus-success.txt
+         3) impv2-cyrus-success.txt
+         4) impv3-cyrus-success.txt
+ 
+         From (1), found that Cyrus wasn't advertising plain text login.
+         And as we authenticate via sasl -> pam -> ldap, i figured
+         that CRAM-MD5 auth is either not correctly advertised, or not
+         working.
+ 
+         (2) and (3) proved that we have hope if we can get cyrus to advertise
+         plain text authentication scheme. Based on he advice found at
+ 
+ http://faqchest.dynhost.com/prgm/cyrus-l/cyrus-02/cyrus-0201/cyrus-
+ 020100/cyrus02010407_10515.html
+ 
+         I edited /etc/cyrus.conf and added "-p 2" to imapd command line. This 
+         option tells cyrus that we have an external mechanism (a half-truth;
+         we only have it when using IMP with https) that ensures that passwords
+         in cleartext aren't exposed. This coaxes cyrus into advertising
+         plain text passwords and bingo! impv3 works with our cyrus intallation.
+ 
+ Repercussions:
+         As IMPv2 did, I suspect that other clients such as OutlookExpress
+         ignore that plain text auth isn't adevrtized and hence, worked
+         even before this change. If this is not the case, we have weakened
+         the possible security cover we have
+         when using half-smart clients like IMPv3. These clients seem to go for
+         plain text auth even though the client can handle stronger
+         schemes that are advertized by the server.

Previous message: [Bug 867] Changed - Assumptions about how horde is mounted buried in files
Next message: [Bug 865] Changed - Using RPM builds, apache seg faults when IMP is used with a cyrus IMAP server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]