SASL config options in /etc/imapd.conf

Bron Gondwana brong at fastmail.fm
Sun Jul 19 21:22:33 EDT 2015 

On Sun, Jul 19, 2015, at 17:30, ellie timoney wrote:
> > - Why is this commented out ? Is this meant to be uncommented at some
> > point ?
> 
> Looking at git blame, that line has been commented out for as long as
> the file has existed in the repository.  There is a comment above it
> saying that it's commented out because it's used by libsasl, but I don't
> understand the implications of that myself.  Maybe that it's not needed
> in lib/imapoptions because libsasl takes care of it?  In which case I
> guess it exists as a comment in the imapoptions file as documentation
> that the option exists, even though it is not handled by this file
> particularly.

Correct - it's so it will be documented in "man imapd.conf", but won't
generate the config handling code within libcyrus, because it doesn't
actually get used there.

> > - Would you know if there is anything to configure manually to setup
> > SASL authentication with saslauthd using sasldb ?
> 
> I noticed in the "Running a basic server" document you wrote that you
> were using:
> 
> > sasl_pwcheck_method: saslauthd
> 
> Which is interesting because I had trouble getting that working when I
> tried it (for reasons that ended up being unrelated, I think, but I
> didn't try it again to verify).  I have my VM's configured with this,
> based I think on the config/docs shipped with debian's cyrus-imapd
> package:
> 
> > sasl_pwcheck_method: auxprop
> > sasl_auxprop_plugin: sasldb
> 
> I'm not sure what the difference is myself, just that this seemed to
> work (though I have not touched virtual domains yet).

It's amazing how hard SASL is to use in practice.  I'm sure if you raised
that on the appropriate mailing lists you would get tons of people defending
it with "you just have to read all the RFCs and understand why it's this way"
or something.

I don't understand SASL, I just muddle along like everyone else.

> I also see you're using:
> 
> > virtdomains: yes
> 
> There was a thread started by Willem Offermans on info-cyrus last week
> asking about an issue with virtual domains, in which Bron suggested
> instead using:
> 
> > virtdomains: userid
> 
> I don't know if it will help, but if you haven't already maybe give that
> a try too?

Yeah, "virtdomains: yes" is an abomination.


-- 
  Bron Gondwana
  brong at fastmail.fm

More information about the Cyrus-devel mailing list