[horde] IMAP auth-mech CRAM-MD5 - disaibled PLAIN/LOGIN

django at nausch.org django at nausch.org
Wed May 20 07:31:04 UTC 2015


Hello,

I'm using horde 5.2.5. and Dovecot as IMAP-Server. Dovecot is  
supporting cram-nmd5 and digest-md5 only.

Horde-Authentication is made with custom sql-queries agains my MariaDB  
postfixadmin-table. If I login I receive the following error:  
"Unsupported authentication mechanism." from my dovecot-IMAP-server.
maillog:
May 20 09:16:33 imap dovecot: imap-login: Authenticate PLAIN failed:  
Unsupported authentication mechanism.: user=<>, method=PLAIN,  
rip=127.0.0.1, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256  
bits), session=<x2ztNH4WQgB/AAAB>
May 20 09:16:33 imap dovecot: imap-login: Login:  
user=<fw-admin at it-ignorant.org>, method=CRAM-MD5, rip=127.0.0.1,  
mpid=17489, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256  
bits), session=<x2ztNH4WQgB/AAAB>

After that all works fine, there are no more failure-messages:

May 20 09:18:54 imap dovecot: imap-login: Login:  
user=<fw-admin at it-ignorant.org>, method=CRAM-MD5, rip=127.0.0.1,  
mpid=17507, TLS, TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256  
bits), session=<wTlSPX4WTAB/AAAB>

I've enabled imap-debug-logging to see more informations:

------------------------------
>> Tue, 19 May 2015 16:11:56 +0000
>> Connection to: imap://127.0.0.1/
>> Server connection took 0,0001 seconds.
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID  
ENABLE IDLE STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5]  
Dovecot ready.
C: 1 STARTTLS
S: 1 OK Begin TLS negotiation now.
>> Command 1 took 0,0003 seconds.
>> Successfully completed TLS negotiation.
C: 2 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE  
IDLE LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: 2 OK Pre-login capabilities listed, post-login capabilities have more.
>> Command 2 took 0,0005 seconds.
C: 3 LOGIN fw-admin at it-ignorant.org [PASSWORD]
S: 3 NO [ALERT] Unsupported authentication mechanism.
>> Command 3 took 0,0003 seconds
C: 4 [AUTHENTICATE response (username: fw-admin at it-ignorant.org)]
S: + PDk0NDM1NTcxMTgzM6kzMTAuMTQzMjA1MTkxNkBpbWFwLmlkbXoucXNrbS5kZT4=
C: ZndhZG1pbkBzc2ttLm5ldCBlMDM0MTdlMmY4NjMxZTu2NTA2MTJmMzI3ZTRkY1IyMA==
S: 4 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID  
ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS  
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT  
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC  
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE  
BINARY MOVE QUOTA ACL RIGHTS=texk] Logged in
>> Command 4 took 0,0199 seconds.
>> CACHE: Using the Horde_Imap_Client_Cache_Backend_Cache storage driver.
C: 5 ENABLE QRESYNC
C: 6 NAMESPACE
S: * ENABLED QRESYNC
S: 5 OK Enabled.
>> Command 5 took 0,0008 seconds.
S: * NAMESPACE (("INBOX/" "/")) (("shared/" "/")) NIL
S: 6 OK Namespace completed.
>> Command 6 took 0,0019 seconds.
C: 8 LIST "" INBOX RETURN (SUBSCRIBED)
C: 7 LIST (SUBSCRIBED) "" (INBOX/* shared/*) RETURN (SUBSCRIBED)
S: * LIST (\Subscribed) "/" INBOX
S: 8 OK List completed.
>> Command 8 took 0,0011 seconds.
S: * LIST (\Subscribed) "/" INBOX/Trash
S: * LIST (\Subscribed) "/" INBOX/Drafts
S: * LIST (\Subscribed) "/" INBOX/Sent
S: * LIST (\Subscribed) "/" INBOX/Mailinglisten
S: * LIST (\Subscribed) "/" INBOX/Mailinglisten/CentOS
S: * LIST (\Subscribed) "/" INBOX/Mailinglisten/CentOS/Announce
S: 7 OK List completed.
>> Command 7 took 0,005 seconds.
C: 9 LOGOUT
S: * BYE Logging out
S: 9 OK Logout completed.
>> Command 9 took 0,0005 seconds.

Why the client tries to login with PASSWORD? Server said:
S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE  
IDLE LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5

This strange behavior confuses the user.

Any idea what went wrong?


ttyl
Django
-- 
http://dokuwiki.nausch.org
http://wetterstation-pliening.info
http://ebersberger-liedersammlung.de



More information about the horde mailing list