| Summary: | Add digest-md5 as part of default auth mechanisms | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Philip Prindeville <philipp> | ||||
| Component: | cyrus-imapd | Assignee: | Michal Hlavinka <mhlavink> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | mhlavink, philipp, vanmeeuwen+fedora | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-10-24 09:13:37 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
I don't think it's a good idea to include DIGEST-MD5 by default, because PAM and DIGEST-MD5 do not work together, which is given by the defaults usually. (In reply to comment #1) > I don't think it's a good idea to include DIGEST-MD5 by default, because PAM > and DIGEST-MD5 do not work together, which is given by the defaults usually. Can we add a comment that it's recommended when using sasldb2 for authentication against cleartext passwords? digest-md5 was removed I'm confused by the status... It's marked WONTFIX but doing a "fedpkg clone cyrus-imapd" says otherwise... |
Created attachment 529708 [details] Add app realm an non-cleartext authentication mechanisms Description of problem: A couple of different issues. (1) digest-md5 is supported in IMAPD without any of the additional optional cyrus-sasl packages. (2) the /etc/sasldb2 database could be used for multiple services, so best to include a specific service name as part of authentication n-tuple (username, password, service). Version-Release number of selected component (if applicable): 2.4.11-1 How reproducible: Examine /etc/imapd.conf Steps to Reproduce: 1. 2. 3. Actual results: Only PLAIN is listed as a default authentication mechanism. LOGIN and DIGEST-MD5 should also be included, as these are part of the base functionality and avoid sending passwords in the clear (albeit over an encrypted channel). No app/realm is used when looking up user authentication info. Expected results: Allow richer functionality of LOGIN and DIGEST-MD5. Use the "mail" app/realm name to specify a service. Additional info: