ldapd not advertising AUTH=LOGIN
ken at oceana.com
Fri Apr 11 15:59:21 EDT 2003
Jeff Warnica wrote:
> subject should be imapd.. Been up way too long :)
> Ok, fair enough. To clarify, this is what Im thinking is happing now (Im
> trying to avoid significant words like authenticate/authorize and what
> Are these true?
> - the IMAP LOGIN command is the traditional method of verifing identity,
Its the standard built-in login command. It must be implemented by all
clients/servers in order to be compliant with IMAP
> ahd currently always works (unless overridden in a configuration file)
I can't speak for how other servers are implemented, but its possible
that it migth be disabled by a config file, or always disabled unless
protected by TLS (LOGINDISABLED capability).
> - with SASL a client is not so much as verifing identity with the IMAP
> server as it is with SASL which used common grammer among all protocols
> that use it
No. SASL does not provide a common grammar among protocols. Each
protocol has its own SASL profile which specifies the grammar. The
server verifys/authenticates the user via SASL just like it does with
the IMAP LOGIN command.
> - today, modern imap clients will always try to use SASL, and if there
> not using TLS would likely need special encouregement to use the
> plaintext IMAP LOGIN.
I don't know what you mean by modern. Not all clients support SASL and
some of those that do use non-standard SASL mechs like LOGIN and NTLM.
> One thing that is confusing me is that on an existing, production,
> server (running an old uw-imap server) its capability line is:
> CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS
> LOGIN-REFERRALS AUTH=LOGIN THREAD=ORDEREDSUBJECT
> And this works just fine. That machine does not somuch as have any file
> on it with "sasl" in the name, except for some ldap man pages.
AUTH=LOGIN is the SASL LOGIN mech. With the latest version of uw-imap,
AUTH=LOGIN will not be advertised unless SSL/TLS is active.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus