Having some problems with setting up a proxy with any authentication mechanisms other than PLAIN. My passwords are
stored in my database in plaintext (and MD5), so I figure I could use whatever scheme I want. Using the latest RC15. MySQL for the backend.
This first one is CRAM-MD5. It fails (scheme_r != NULL??) then PLAIN tries to take over, but the auth server is restarting:
Info: auth(default): client in: AUTH 1 CRAM-MD5 service=POP3 secured lip=
204.x.x.x rip=209.x.x.x resp=
Info: auth(default): client out: CONT 1 PDA1MTA2OTcxNzY0NjA1MTAuMTE2NjIwMjUxNkBtYXJiZWxsYS5pbmZvd2VzdC5jb20+
Info: auth(default): client in: CONT 1 YnV0Y2hAaW5mb3dlc3QuY29tIDBhNGNjNDJlN2QxOWI4ZjlkYjk0MjE2OTgxOGVmM2Ri
Error: auth(default): file passdb-cache.c: line 120 (passdb_cache_lookup_credentials): assertion failed: (*scheme_r != NULL)
Error: child 63406 (auth) killed with signal 6
Info: pop3-login: Authenticate PLAIN failed: Authentication failed: Authentication server isn't connected, try again later..: method=PLAIN, rip=
209.x.x.x, lip=204.x.x.x, TLS
After this I tried adding this line to my Proxy dovecot-sql.conf file since the Destination already had it:
default_pass_scheme = plain
When I try connecting now, I get this:
Info: auth(default): client in: AUTH 1 CRAM-MD5 service=POP3 secured lip=204.x.x.x rip=209.x.x.x resp=
Info: auth(default): client out: CONT 1 PDg1NDgyMTgxOTgyNzI0NDIuMTE2NjIwMzg2MkBtYXJiZWxsYS5pbmZvd2VzdC5jb20+
Info: auth(default): client in: CONT 1 YnV0Y2hAaW5mb3dlc3QuY29tIDIzM2FjODE3NmMwNzZkNWE1MmZhNzdhNDJlODVmMjAy
Info: auth-worker(default): sql(user@host.com,209.x.x.x): query: SELECT NULL AS password,
v.storeIP AS host, v.userID AS destuser, 'Y
' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM virtmailbox AS v WHERE v.userID = 'user@host.com' and v.imap_active
= 1
Error: auth-worker(default): file passdb.c: line 120 (passdb_handle_credentials): assertion failed: (password != NULL)
Error: child 69536 (auth-worker) killed with signal 6
Info: auth(default): client out: FAIL 1 user=
user@host.com temp
This last error is the same that I get when trying NTLM. Now, the password should be NULL, since I dont want to do any authentication
on the Proxy, but simply forward it off to let the destination host handle it.
Now the host that the proxy sends it off to works fine when I connect to it directly. I have the same default mechanisms
allowed on both Proxy and destination.
Anybody have any clues? I'd really like to figure out how to proxy "secure password" requests to my destination server without
having to rely on plaintext. Plaintext works fine with the proxy, but I am unable to get anything else working.
Am I overlooking something obvious?
Thanks,
Cassidy