Question: How to specify path to saslauthd mux socket in
imapd.conf?
Rob Siemborski
rjs3 at andrew.cmu.edu
Mon Dec 9 16:50:53 EST 2002
On Mon, 9 Dec 2002, Kevin M. Myer wrote:
> conversation (via , I don't give anything up security-wise. In other words, I
> can rely on the transport layer to provide encryption, instead of a higher layer
> and that way email can't be sniffed either.
You do of course realize that email is transmitted plaintext to your MX
server anyway from the rest of the world, right?
> So I upgraded to the latest versions of Cyrus SASL (2.1.10) and Cyrus
> IMAP (2.1.11) today on my test server. I got saslauthd working fine
> with LDAP for one Cyrus IMAP "virtual domain" (the altconfig type
> meaning I specify a full set of services per domain, bound to a unique
> IP address and I have a unique imapd.conf for each domain, I'm not
> talking about the newer virtual domain support). What I still need to
> figure out is how to specify which saslauthd mux socket for each
> domain's imap process to connect to. I know how to start multiple
> saslauthd's and specify which socket for them to create but I need to
> know how to specify in /etc/imapd.conf which of those sockets to connect
> to. I can't seem to find that documented anywhere (probably because its
> only in this special case scenario that you'd even need to use it :)
>From SASL's doc/options.html: saslauthd_path is the SASL option you want,
so sasl_saslauthd_path is the imapd.conf option. Leave off the "/mux"
You're right, this is really the only case I've ever heard of this support
actually being useful ;)
> Also, is it reasonable to think that most major IMAP clients could
> handle talking to a server that only listens on imaps (basically my
> forcing of TLS idea above)? I know my webmail client, IMP, can handle
> that but can most other standalone clients handle imaps well and will
> they barf over self-signed certificates?
Pine, Mulberry, Outlook, Mozilla, Netscape, etc should all have no trouble
with TLS. There may be a certificate warning about your self-signed
certificate.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
More information about the Info-cyrus
mailing list