SASL config options in /etc/imapd.conf

Conrad Kleinespel conradk at conradk.com
Thu Jul 23 02:40:07 EDT 2015 

Hello Ellie,

Thanks for the reply.

I ended up using "virtualdomains: userid" indeed, although from what I
understand in the docs, it shouldn't matter whether you use the one or
the other if a user specifies a fully qualified username (think
hello at example.com) as "a fully qualified userid takes precedence over a
domain obtained from the IP address" (source: docs). Right ?

Thanks again,

Conrad Kleinespel
conradk at conradk.com
+33 6 23 82 42 79

On Mon, Jul 20, 2015, at 02:30 AM, ellie timoney wrote:
> > - Why is this commented out ? Is this meant to be uncommented at some
> > point ?
> 
> Looking at git blame, that line has been commented out for as long as
> the file has existed in the repository.  There is a comment above it
> saying that it's commented out because it's used by libsasl, but I don't
> understand the implications of that myself.  Maybe that it's not needed
> in lib/imapoptions because libsasl takes care of it?  In which case I
> guess it exists as a comment in the imapoptions file as documentation
> that the option exists, even though it is not handled by this file
> particularly.
> 
> > - Would you know if there is anything to configure manually to setup
> > SASL authentication with saslauthd using sasldb ?
> 
> I noticed in the "Running a basic server" document you wrote that you
> were using:
> 
> > sasl_pwcheck_method: saslauthd
> 
> Which is interesting because I had trouble getting that working when I
> tried it (for reasons that ended up being unrelated, I think, but I
> didn't try it again to verify).  I have my VM's configured with this,
> based I think on the config/docs shipped with debian's cyrus-imapd
> package:
> 
> > sasl_pwcheck_method: auxprop
> > sasl_auxprop_plugin: sasldb
> 
> I'm not sure what the difference is myself, just that this seemed to
> work (though I have not touched virtual domains yet).
> 
> I also see you're using:
> 
> > virtdomains: yes
> 
> There was a thread started by Willem Offermans on info-cyrus last week
> asking about an issue with virtual domains, in which Bron suggested
> instead using:
> 
> > virtdomains: userid
> 
> I don't know if it will help, but if you haven't already maybe give that
> a try too?
> 
> On Mon, Jul 20, 2015, at 01:19 AM, Conrad Kleinespel wrote:
> > Hello everyone,
> > 
> > After struggling a lot to try and get SASL authentication to work for
> > users with a domain name (eg conradk at conradk.com), I have noticed that
> > the "sasl_pwcheck_method" recommended in the documentation seems to be
> > commented out of the Cyrus code.
> > 
> > See here for the commented out option:
> > https://git.cyrus.foundation/diffusion/I/browse/master/lib/imapoptions;690587fd545c291f2f52e2e3a14c8d4b6faad146$1600
> > 
> > I have 2 questions:
> > - Why is this commented out ? Is this meant to be uncommented at some
> > point ?
> > - Would you know if there is anything to configure manually to setup
> > SASL authentication with saslauthd using sasldb ?
> > 
> > Thanks a lot for your help ! :-)
> > 
> > Best regards,
> > 
> > Conrad Kleinespel
> > conradk at conradk.com
> > +33 6 23 82 42 79

More information about the Cyrus-devel mailing list