ldapd not advertising AUTH=LOGIN

Ken Murchison ken at oceana.com
Fri Apr 11 15:59:21 EDT 2003



Jeff Warnica wrote:
> 
> subject should be imapd.. Been up way too long :)
> 
> Ok, fair enough. To clarify, this is what I'm thinking is happening now (I'm
> trying to avoid significant words like authenticate/authorize and what
> not.)
> 
> Are these true?
> 
> - the IMAP LOGIN command is the traditional method of verifying identity,

It's the standard built-in login command.  It must be implemented by all
clients/servers in order to be compliant with IMAP.

> and currently always works (unless overridden in a configuration file)

I can't speak for how other servers are implemented, but it's possible
that it might be disabled by a config file, or always disabled unless
protected by TLS (LOGINDISABLED capability).

> 
> - with SASL a client is not so much as verifying identity with the IMAP
> server as it is with SASL which uses common grammar among all protocols
> that use it

No.  SASL does not provide a common grammar among protocols.  Each
protocol has its own SASL profile which specifies the grammar.  The
server verifies/authenticates the user via SASL just like it does with
the IMAP LOGIN command.


> - today, modern imap clients will always try to use SASL, and if they're
> not using TLS would likely need special encouragement to use the
> plaintext IMAP LOGIN.

I don't know what you mean by modern.  Not all clients support SASL and
some of those that do use non-standard SASL mechs like LOGIN and NTLM.


> One thing that is confusing me is that on an existing, production,
> server (running an old uw-imap server) its capability line is:
> 
> CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS
> LOGIN-REFERRALS AUTH=LOGIN THREAD=ORDEREDSUBJECT
> 
> And this works just fine. That machine does not so much as have any file
> on it with "sasl" in the name, except for some ldap man pages.

AUTH=LOGIN is the SASL LOGIN mech.  With the latest version of uw-imap,
AUTH=LOGIN will not be advertised unless SSL/TLS is active.


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
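
The capability points discussed in this message, as an added example that is not part of the original post and is not code from Cyrus or uw-imap: a small audit that reads a CAPABILITY line and reports which password-bearing logins a server offers before TLS is active. The function names are hypothetical, and treating AUTH=PLAIN like AUTH=LOGIN goes one step beyond the mechanisms named in the thread.

```python
# Added example: audit an IMAP CAPABILITY line for cleartext password exposure.
# SASL mechanisms that carry the password without protecting it on the wire.
PLAINTEXT_SASL = {"LOGIN", "PLAIN"}

def parse_capabilities(line):
    """Return the upper-cased capability atoms from a CAPABILITY response.

    Accepts "CAPABILITY ...", "* CAPABILITY ..." and the greeting form
    "* OK [CAPABILITY ...] text".
    """
    text = line.strip()
    start = text.upper().find("CAPABILITY")
    if start < 0:
        return set()
    rest = text[start + len("CAPABILITY"):]
    end = rest.find("]")  # inside a response code the list ends at "]"
    if end >= 0:
        rest = rest[:end]
    return {atom.upper() for atom in rest.split()}

def audit(line, tls_active):
    """List the ways this server accepts a cleartext password on this session."""
    if tls_active:
        return []  # the channel already protects the credentials
    caps = parse_capabilities(line)
    mechs = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    findings = []
    # The LOGIN command is usable unless the server says LOGINDISABLED.
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command accepted without TLS (no LOGINDISABLED)")
    # AUTH=<mech> entries are SASL mechanisms, separate from the LOGIN command.
    for mech in sorted(mechs & PLAINTEXT_SASL):
        findings.append("AUTH=%s advertised without TLS" % mech)
    return findings

# Capability line quoted in the thread (old uw-imap), joined onto one line.
UW_IMAP_LINE = ("CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT "
                "MAILBOX-REFERRALS LOGIN-REFERRALS AUTH=LOGIN "
                "THREAD=ORDEREDSUBJECT")
# Constructed sample: a greeting that withholds password logins until TLS.
HARDENED_LINE = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=GSSAPI] ready"

if __name__ == "__main__":
    for name, line in (("uw-imap", UW_IMAP_LINE), ("hardened", HARDENED_LINE)):
        print(name, audit(line, tls_active=False) or "no cleartext logins offered")
```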



