Configuring imap authentication

Hi

I tried to configure imap authentication in prosody, but failed so far.
I followed the instructions for setting up a secure domain and that works just fine with
internal_hashed authentication.
Then I tried to change it to use imap by using these settings in /etc/prosody/conf.avail/meet.domain.com.cfg.lua:

 24 VirtualHost "meet.domain.com"
 25         -- enabled = false -- Remove this line to enable this host
 26         -- authentication = "internal_hashed"
 27         authentication = "imap"
 28         imap_auth_host = "imap.domain.com"
 29         imap_auth_port = 993
 30         imap_auth_ream = "domain.com"

But this does not work.
In the logs I can see that the plugin is loaded and gets the server capabilities successfully.

107 Nov 30 12:36:44 x509    debug   Cert dNSName imap.ascolab.com matched hostname
108 Nov 30 12:36:44 sasl_imap       info    imap greeting: '* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRAL    S ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
109 Nov 30 12:36:44 sasl_imap       info    Capability: CAPABILITY
110 Nov 30 12:36:44 sasl_imap       info    Capability: IMAP4rev1
111 Nov 30 12:36:44 sasl_imap       info    Capability: LITERAL+
112 Nov 30 12:36:44 sasl_imap       info    Capability: SASL-IR
113 Nov 30 12:36:44 sasl_imap       info    Capability: LOGIN-REFERRALS
114 Nov 30 12:36:44 sasl_imap       info    Capability: ID
115 Nov 30 12:36:44 sasl_imap       info    Capability: ENABLE
116 Nov 30 12:36:44 sasl_imap       info    Capability: IDLE
117 Nov 30 12:36:44 sasl_imap       info    Capability: AUTH=PLAIN
118 Nov 30 12:36:44 sasl_imap       info    Supported SASL mechanism: PLAIN
119 Nov 30 12:36:44 sasl_imap       info    Capability: AUTH=LOGIN
120 Nov 30 12:36:44 sasl_imap       info    Supported SASL mechanism: LOGIN
121 Nov 30 12:36:44 sasl_imap       info    method:mechanisms()
122 Nov 30 12:36:44 auth_imap       info    Mechanims found: PLAIN

Later on I see this:

235 Nov 30 12:36:46 c2s55e1159c7c90 info    Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
236 Nov 30 12:36:46 c2s55e1159c7c90 debug   Not offering disabled mechanism DIGEST-MD5
237 Nov 30 12:36:46 c2s55e1159c7c90 debug   Offering mechanism PLAIN
238 Nov 30 12:36:46 c2s55e1159c7c90 debug   Offering mechanism SCRAM-SHA-1
239 Nov 30 12:36:46 c2s55e1159c7c90 debug   Offering mechanism SCRAM-SHA-1-PLUS
240 Nov 30 12:36:46 c2s55e1159c7c90 debug   Sending[c2s_unauthed]: <stream:features>
241 Nov 30 12:36:46 c2s55e1159c7c90 debug   Received[c2s_unauthed]: <auth mechanism='SCRAM-SHA-1' xmlns='urn:ietf:para    ms:xml:ns:xmpp-sasl'>
242 Nov 30 12:36:46 auth.meet.ascolab.com:auth_internal_plain       debug   get_password for username 'jvb'
243 Nov 30 12:36:46 auth.meet.ascolab.com:saslauth  debug   sasl reply: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-    sasl'>cj1pL3d4PWxdVGNzTV1ybVI9VVwuLjRpaFx3RWJlIydIejRjYWZiYTRkLWEyZWItNDg1Zi1iNWMwLTZhZWUxOWIwN2JmMCxzPU5qQmpNalJr    TWpndE5HRXlNaTAwTWpreExXRXdNVFl0T0dZMU1ERTVOamt3WkRBNSxpPTQwOTY=</challenge>
244 Nov 30 12:36:46 c2s55e1159c7c90 debug   Sending[c2s_unauthed]: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'    >
245 Nov 30 12:36:46 c2s55e1159c7c90 debug   Received[c2s_unauthed]: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'    >

The IMAP server used TLS encryption with auth PLAIN/LOGIN. The server does not support any DIGEST based login, because this would require plaintext passwords in the DB. Instead hashed passwords are stored in the user DB and the mail client sends the password as plaintext, which is OK due to the TLS encryption.
I guess jitsi/prosody config doesn’t like this.

The Jitsi web interface just says “Connecting…” and hangs. It does not report any errors, for this reason, I increased the trace level to “debug” on server side.

Any ideas how to fix this?