Simplest way to get imap authentication with sasldb working?

Dan White dwhite at olp.net
Mon Oct 19 09:58:24 EDT 2009


On 19/10/09 09:29 +1300, Raimund Eimann wrote:
>I've tried to get Cyrus IMAP running using SASLDB2 for authentication on
>an openSuSE Box and failed miserably. Is there somewhere a simple
>step-by-step description on how to get this running?
>
>One question I have, for instance, is: Do I need saslauthd? I have it
>installed, but I believe that I've read somewhere that it's not required.

Raimund,

Per the imapd.conf manpage (for 2.3.12), the default sasl configuration is:

sasl_auto_transition: 0
sasl_maximum_layer: 256
sasl_minimum_layer: 0
sasl_option: 0
sasl_pwcheck_method: <none>
sasl_mech_list: <none>      (not documented)
sasl_auxprop_plugin: <none> (not documented)

If not specified, I believe sasl_pwcheck_method will use all available
pwcheck methods (auxprop, saslauthd, and pwcheck). If not specified,
sasl_mech_list will use all available authentication mechanisms, and if not
specified sasl_auxprop_plugin will use all available auxprop plugins.

sasldb is usually the only auxprop plugin installed, and so should be used
by default to perform your authentication. saslauthd can be used in
addition to your auxprop plugin, or instead of using your auxprop plugin
depending on how you configured sasl_pwcheck_method. If you intend to use
sasldb, then you can disable saslauthd.

sasl_pwcheck_method only applies to the simple password based login
methods:

PLAIN
LOGIN
the Login command (RFC 3501, section 6.2.3)

However, if you are using one of those methods to authenticate, be aware
that Cyrus imapd may not allow any login using the methods (without SSL/TLS
or other encryption) if the 'allowplaintext' option (which is disabled by
default) is not enabled.

For DIGEST-MD5 and CRAM-MD5, your auxprop plugin (sasldb) will be used
regardless of your pwcheck_method config.

See:

http://cyrusimap.web.cmu.edu/imapd/install-auth.html

-- 
Dan White
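
Added example, not part of the original post: a small Python check that applies the rules described above to the text of an imapd.conf and reports which backend verifies each listed mechanism. The function names, finding strings, accepted boolean spellings and both sample configurations are constructed for illustration; an unset allowplaintext is treated as disabled, as the post states.

```python
PASSWORD_MECHS = {"PLAIN", "LOGIN"}           # checked via sasl_pwcheck_method
SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}     # always checked via auxprop (sasldb)
TRUE_WORDS = {"1", "yes", "true", "on", "t"}  # assumed boolean spellings

def parse_conf(text):
    """Parse 'option: value' lines, skipping blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return ({mechanism: [backends]}, [findings]) for one imapd.conf text."""
    conf = parse_conf(text)
    pwcheck = conf.get("sasl_pwcheck_method", "").split()
    mechs = conf.get("sasl_mech_list", "").upper().split()
    plaintext = conf.get("allowplaintext", "no").lower() in TRUE_WORDS
    backends, findings = {}, []
    if not pwcheck:
        findings.append("sasl_pwcheck_method unset: PLAIN/LOGIN backend not pinned")
    for mech in mechs:
        if mech in SECRET_MECHS:
            backends[mech] = ["auxprop"]
            if pwcheck and "auxprop" not in pwcheck:
                findings.append(f"{mech} reads sasldb; pwcheck method does not apply")
        elif mech in PASSWORD_MECHS:
            backends[mech] = pwcheck or ["unset"]
    if "saslauthd" in pwcheck:
        findings.append("saslauthd must be running for PLAIN/LOGIN")
    if plaintext:
        findings.append("allowplaintext on: passwords accepted without TLS")
    elif mechs and set(mechs) <= PASSWORD_MECHS:
        findings.append("only PLAIN/LOGIN offered, allowplaintext off: TLS required")
    return backends, findings

# Constructed sample configurations (not taken from the thread).
SASLDB_ONLY = """sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no"""
MIXED = """sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN DIGEST-MD5
allowplaintext: yes"""

if __name__ == "__main__":
    print(audit(SASLDB_ONLY), audit(MIXED), sep="\n")
```

The second sample shows the case the post warns about: saslauthd is configured for passwords, yet DIGEST-MD5 logins still depend on entries in sasldb.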

