Results 1 to 5 of 5

Thread: How to enable AUTH PLAIN login method

  1. #1
    Join Date
    Aug 2013
    Posts
    4
    Rep Power
    2

    Question How to enable AUTH PLAIN login method

    Hello,

    I've been trying to get the imap AUTH PLAIN login method enabled using the "Enable clear text login" in the admin panel; but failed to use the PLAIN method over an Imap connection port 143 and even using an SSL conection to port 993.

    A friend suggested to confirm the capabilities of the imap server using telnet to por 143 but no PLAIN option is listed:

    $ telnet <myserver> 143
    1 OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed


    Does anyone have a clue what am I doing wrong?

    Regards,
    Ivan Teran

    Here I post the zmprov config:

    $ zmprov gs <myserver> | grep Imap
    zimbraAdminImapImportNumThreads: 20
    zimbraImapBindOnStartup: TRUE
    zimbraImapBindPort: 143
    zimbraImapCleartextLoginEnabled: TRUE
    zimbraImapExposeVersionOnBanner: FALSE
    zimbraImapMaxConnections: 200
    zimbraImapMaxRequestSize: 10240
    zimbraImapNumThreads: 200
    zimbraImapProxyBindPort: 7143
    zimbraImapSSLBindOnStartup: TRUE
    zimbraImapSSLBindPort: 993
    zimbraImapSSLProxyBindPort: 7993
    zimbraImapSSLServerEnabled: TRUE
    zimbraImapSaslGssapiEnabled: FALSE
    zimbraImapServerEnabled: TRUE
    zimbraImapShutdownGraceSeconds: 10
    zimbraReverseProxyImapEnabledCapability: ACL
    zimbraReverseProxyImapEnabledCapability: BINARY
    zimbraReverseProxyImapEnabledCapability: CATENATE
    zimbraReverseProxyImapEnabledCapability: CHILDREN
    zimbraReverseProxyImapEnabledCapability: CONDSTORE
    zimbraReverseProxyImapEnabledCapability: ENABLE
    zimbraReverseProxyImapEnabledCapability: ESEARCH
    zimbraReverseProxyImapEnabledCapability: ESORT
    zimbraReverseProxyImapEnabledCapability: I18NLEVEL=1
    zimbraReverseProxyImapEnabledCapability: ID
    zimbraReverseProxyImapEnabledCapability: IDLE
    zimbraReverseProxyImapEnabledCapability: IMAP4rev1
    zimbraReverseProxyImapEnabledCapability: LIST-EXTENDED
    zimbraReverseProxyImapEnabledCapability: LIST-STATUS
    zimbraReverseProxyImapEnabledCapability: LITERAL+
    zimbraReverseProxyImapEnabledCapability: MULTIAPPEND
    zimbraReverseProxyImapEnabledCapability: NAMESPACE
    zimbraReverseProxyImapEnabledCapability: QRESYNC
    zimbraReverseProxyImapEnabledCapability: QUOTA
    zimbraReverseProxyImapEnabledCapability: RIGHTS=ektx
    zimbraReverseProxyImapEnabledCapability: SASL-IR
    zimbraReverseProxyImapEnabledCapability: SEARCHRES
    zimbraReverseProxyImapEnabledCapability: SORT
    zimbraReverseProxyImapEnabledCapability: THREAD=ORDEREDSUBJECT
    zimbraReverseProxyImapEnabledCapability: UIDPLUS
    zimbraReverseProxyImapEnabledCapability: UNSELECT
    zimbraReverseProxyImapEnabledCapability: WITHIN
    zimbraReverseProxyImapEnabledCapability: XLIST
    zimbraReverseProxyImapExposeVersionOnBanner: FALSE
    zimbraReverseProxyImapSaslGssapiEnabled: FALSE
    zimbraReverseProxyImapSaslPlainEnabled: TRUE
    zimbraReverseProxyImapStartTlsMode: only
    zimbraStatThreadNamePrefix: ImapSSLServer
    zimbraStatThreadNamePrefix: ImapServer

  2. #2
    Join Date
    Jul 2007
    Location
    US
    Posts
    67
    Rep Power
    8

    Default

    If you're running the proxy service, and it looks like you might be, you'll need to enable auth plain for that as well. This may be helpful:
    NGINX Configuration Tips - Zimbra :: Wiki

  3. #3
    Join Date
    Aug 2013
    Posts
    4
    Rep Power
    2

    Default

    Hello ppearl,

    Followed the instructions to enable auth plain in the proxy service, but it did not work either; then I thought to check which services I have enabled in my server and this is the output:

    zmprov gs <myserver> | grep ServiceEnabled
    zimbraServiceEnabled: antivirus
    zimbraServiceEnabled: antispam
    zimbraServiceEnabled: opendkim
    zimbraServiceEnabled: logger
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: mta
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: snmp
    zimbraServiceEnabled: ldap
    zimbraServiceEnabled: spell

  4. #4
    Join Date
    Jul 2007
    Location
    US
    Posts
    67
    Rep Power
    8

    Default

    [...snip...]
    A friend suggested to confirm the capabilities of the imap server using telnet to por 143 but no PLAIN option is listed:

    $ telnet <myserver> 143
    1 OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed

    Does anyone have a clue what am I doing wrong?
    [...snip...]

    Hi again Ivan. Your example with telnet leaves out the command you issued, and it appears that you probably did a 1 LOGIN <username> <password>. Right? Did you try to do a CAPABILITY command *before* the LOGIN? If you did that, I suspect you'll see what you're hoping to see (AUTH=PLAIN).

    For example (I'm using nc as I didn't install telnet on that host):

    [z8 ~]$ nc localhost 143
    * OK IMAP4 ready
    1 CAPABILITY
    * CAPABILITY ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE IMAP4rev1 LIST-EXTENDED LIST-STATUS LITERAL+ MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST AUTH=PLAIN STARTTLS
    1 OK completed

    Then if you want to test it, performing an AUTHENTICATE PLAIN you can follow the example in one of the answers here:
    pop3 - How to connect IMAP using AUTHENTICATE PLAIN correctly? - Stack Overflow

    If you issue the CAPABILITY command after a successful AUTHENTICATE/LOGIN you'll find that the authentication capabilities are no longer listed because they're no longer valid commands within that active session.

    Hope this helps!
    Phil


  5. #5
    Join Date
    Aug 2013
    Posts
    4
    Rep Power
    2

    Default

    Hello ppearl,

    I followed your advice and you were right, now this is the response I get, AUTH PLAIN ENABLED!

    1 capability
    * CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST
    1 OK CAPABILITY completed

    Thanks a lot for your help, now I'll keep trying with the imaptools I'm using.

    Regards,
    Ivan

Similar Threads

  1. [SOLVED] Imapsync auth method problem
    By guigsilva in forum Migration
    Replies: 4
    Last Post: 07-05-2012, 05:17 PM
  2. Replies: 0
    Last Post: 12-09-2009, 08:33 AM
  3. [SOLVED] IMAP/SSL,Plain Login
    By jon.langland in forum Installation
    Replies: 7
    Last Post: 08-27-2008, 02:16 PM
  4. Replies: 3
    Last Post: 08-08-2008, 12:43 AM
  5. Enable SMTP Auth to external users
    By VictorMedina in forum Administrators
    Replies: 1
    Last Post: 05-24-2006, 11:06 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •