I am trying to enable proxy authentication in cyrus + SASL, i.e authenticating as the admin user cyrus
but with the access rights of any other user, e.g. peter
(as described here). I am trying with
imtest -a cyrus -u peter -m plain -t "" localhost
but it fails with S: A01 NO no mechanism available
. In the cyrus service log I see this entry:
badlogin: localhost [::1] PLAIN (peter) [SASL(-4): no mechanisms available: Unable to find a callback: 32773]
When I use -u cyrus
in the above command, it works, which means that cyrus accepts the PLAIN
mechanism which is apparently needed for proxy authentication.
Relevant options in /etc/imapd.conf
:
allowplaintext: yes
proxyservers: cyrus
sasl_mech_list: GSSAPI PLAIN LOGIN DIGEST-MD5
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: gssapiv2
saslauthd
is using kerberos as authentication source which is run by a samba server. Do I somehow need to allow proxy authorization in samba? I found some references regarding OpenLDAP servers, but I was not able to transfer them to my situation.