ldapd not advertising AUTH=LOGIN

Jeff Warnica jeffw at chebucto.ns.ca
Fri Apr 11 15:15:34 EDT 2003


subject should be imapd.. Been up way too long :)


Ok, fair enough. To clarify, this is what I'm thinking is happening now (I'm
trying to avoid significant words like authenticate/authorize and what
not.)

Are these true? 

- the IMAP LOGIN command is the traditional method of verifying identity,
and currently always works (unless overridden in a configuration file)

- with SASL a client is not so much verifying identity with the IMAP
server as it is with SASL, which uses common grammar among all protocols
that use it

- today, modern imap clients will always try to use SASL, and if they're
not using TLS would likely need special encouragement to use the
plaintext IMAP LOGIN.



One thing that is confusing me is that on an existing, production,
server (running an old uw-imap server) its capability line is:

CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS
LOGIN-REFERRALS AUTH=LOGIN THREAD=ORDEREDSUBJECT

And this works just fine. That machine does not so much as have any file
on it with "sasl" in the name, except for some ldap man pages.

On Fri, 2003-04-11 at 15:50, Ken Murchison wrote:
> 
> 
> There is a difference between the SASL LOGIN mechanism and the IMAP
> LOGIN command.  When you do 'imtest -m login' you're using the IMAP
> LOGIN command.  The IMAP LOGIN command is always available unless you
> specifically set allowplaintext:0  The SASL LOGIN mech, along with the
> PLAIN mech, are only advertised when a security layer is active (eg,
> SSL/TLS), per RFC 2595.
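
The distinction drawn in the reply above, between `AUTH=` SASL mechanisms and the IMAP LOGIN command, can be checked mechanically against a CAPABILITY line. This is an added example, not part of the original thread and not Cyrus or UW code: the function names are hypothetical, `UW_IMAP` is the line quoted in the message, and the two `CYRUS_*` lines are constructed samples, not captured server output.

```python
# Added example: audit an IMAP CAPABILITY line for plaintext credential exposure.
PLAINTEXT_SASL = {"LOGIN", "PLAIN"}  # SASL mechanisms that send the password unprotected

# Capability line quoted in the message above (old uw-imap server).
UW_IMAP = ("CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS "
           "LOGIN-REFERRALS AUTH=LOGIN THREAD=ORDEREDSUBJECT")
# Constructed samples: a server set to refuse plaintext, before and after STARTTLS.
CYRUS_PRE_TLS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5"
CYRUS_POST_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5"

def parse_capability(line):
    """Return (SASL mechanisms, other capability atoms), both upper-cased."""
    tokens = [t.upper() for t in line.split()]
    # Drop the untagged-response marker and the CAPABILITY keyword itself.
    tokens = [t for t in tokens if t not in ("*", "CAPABILITY")]
    mechs = {t[len("AUTH="):] for t in tokens if t.startswith("AUTH=")}
    atoms = {t for t in tokens if not t.startswith("AUTH=")}
    return mechs, atoms

def assess(line, tls_active):
    """Report which login paths are open and which expose the password."""
    mechs, atoms = parse_capability(line)
    # The IMAP LOGIN command is separate from SASL: it is available unless
    # the server advertises LOGINDISABLED (RFC 2595).
    login_command = "LOGINDISABLED" not in atoms
    findings = []
    if not tls_active:
        exposed = sorted(mechs & PLAINTEXT_SASL)
        if exposed:
            findings.append("plaintext SASL offered without TLS: " + ",".join(exposed))
        if login_command:
            findings.append("IMAP LOGIN command accepted without TLS")
        if "STARTTLS" not in atoms:
            findings.append("no STARTTLS offered")
    return {"sasl_mechs": sorted(mechs), "login_command": login_command,
            "findings": findings}

if __name__ == "__main__":
    for name, line, tls in (("uw-imap", UW_IMAP, False),
                            ("pre-TLS", CYRUS_PRE_TLS, False),
                            ("post-TLS", CYRUS_POST_TLS, True)):
        print(name, assess(line, tls))
```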






More information about the Info-cyrus mailing list