Bug 748278 - Add digest-md5 as part of default auth mechanisms
Summary: Add digest-md5 as part of default auth mechanisms
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-imapd
Version: rawhide
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-23 21:09 UTC by Philip Prindeville
Modified: 2016-11-24 20:37 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-24 09:13:37 UTC
Type: ---

Attachments (Terms of Use)
Add app realm an non-cleartext authentication mechanisms (472 bytes, patch)
2011-10-23 21:09 UTC, Philip Prindeville 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 748279 0 unspecified CLOSED Sendmail's use of /etc/sasldb2 database is not service-specific 2021-02-22 00:41:40 UTC

Internal Links: 748279

Description Philip Prindeville 2011-10-23 21:09:14 UTC 
Created attachment 529708 [details]
Add app realm an non-cleartext authentication mechanisms

Description of problem:

A couple of different issues. (1) digest-md5 is supported in IMAPD without any of the additional optional cyrus-sasl packages. (2) the /etc/sasldb2 database could be used for multiple services, so best to include a specific service name as part of authentication n-tuple (username, password, service).

Version-Release number of selected component (if applicable):

2.4.11-1

How reproducible:

Examine /etc/imapd.conf


Steps to Reproduce:
1.
2.
3.
  
Actual results:

Only PLAIN is listed as a default authentication mechanism. LOGIN and DIGEST-MD5 should also be included, as these are part of the base functionality and avoid sending passwords in the clear (albeit over an encrypted channel).

No app/realm is used when looking up user authentication info.


Expected results:

Allow richer functionality of LOGIN and DIGEST-MD5.

Use the "mail" app/realm name to specify a service.

Additional info:
Comment 1 Robert Scheck 2011-11-21 07:59:50 UTC 
I don't think it's a good idea to include DIGEST-MD5 by default, because PAM
and DIGEST-MD5 do not work together, which is given by the defaults usually.
Comment 2 Philip Prindeville 2011-11-24 21:11:24 UTC 
(In reply to comment #1)
> I don't think it's a good idea to include DIGEST-MD5 by default, because PAM
> and DIGEST-MD5 do not work together, which is given by the defaults usually.

Can we add a comment that it's recommended when using sasldb2 for authentication against cleartext passwords?
Comment 3 Michal Hlavinka 2011-12-07 10:50:29 UTC 
digest-md5 was removed
Comment 4 Philip Prindeville 2016-11-24 20:37:39 UTC 
I'm confused by the status...  It's marked WONTFIX but doing a "fedpkg clone cyrus-imapd" says otherwise...
Note You need to log in before you can comment on or make changes to this bug.