Cyrus-imapd2 with Cyrus-sasl2 with IMAP login/authenticate
Rob Siemborski
rjs3 at andrew.cmu.edu
Thu Jan 2 13:37:33 EST 2003
On Fri, 3 Jan 2003, Martin Y. Chiu wrote:
> After reading some documents and tracing some code of imapd2 and
> sasl, I found that cyrus-imapd2 uses different authentication
> methods for the IMAP 'LOGIN' and 'AUTHENTICATE' commands. LOGIN uses
> sasl_checkpass() and AUTHENTICATE uses sasl_server_start() and
> sasl_server_step() to authenticate. These two methods may use
> different user databases -- sasl_checkpass() uses saslauthd and
> sasl_server_step() uses sasldb2, am I right?
Yes and no.
sasl_checkpass can use saslauthd or an auxprop database (based on
pwcheck_method). Depending on mechanism, they may also use
sasl_checkpass, or they may need to access a database directly. In the
case of PLAIN and LOGIN, they just do a sasl_checkpass internally.
DIGEST-MD5, CRAM-MD5, etc, all need the plaintext password.
> This may cause some problems in that PHP with cclient-2002
> tries to use AUTHENTICATE but Outlook Express can use only LOGIN.
I don't see a problem.
> Is there any way I can change this behavior, or a correct method to
> set up Cyrus-imapd2 with a coherent user database?
Either only allow LOGIN and PLAIN SASL mechanisms, or use the sasldb/mysql
database with a pwcheck method of "auxprop"
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
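
An added example, not part of the reply above and not Cyrus project code: a small audit that reads imapd.conf text and reports when LOGIN and AUTHENTICATE would check passwords against different user databases, which is the split discussed in this thread. It assumes the SASL options appear in imapd.conf as sasl_pwcheck_method and sasl_mech_list, that auxprop is the default pwcheck method, and that the only shared-secret mechanisms of interest are the two named in the reply; the sample configurations are constructed.

```python
# Added example (not Cyrus project code). Flags imapd.conf settings where
# IMAP LOGIN and AUTHENTICATE verify passwords against different databases.

# Mechanisms named in the reply as needing the plaintext password (auxprop).
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}


def parse_imapd_conf(text):
    """Parse 'option: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def audit(text):
    """Return a list of findings; an empty list means one coherent database."""
    opts = parse_imapd_conf(text)
    # Assumption: auxprop is used when sasl_pwcheck_method is not set.
    pwcheck = opts.get("sasl_pwcheck_method", "auxprop").lower().split()
    if pwcheck == ["auxprop"]:
        return []  # sasl_checkpass and the mechanisms all read auxprop
    mech_list = opts.get("sasl_mech_list")
    if mech_list is None:
        # No restriction: every installed mechanism is offered to clients.
        return ["pwcheck is %s but sasl_mech_list is unset; shared-secret "
                "mechanisms would read auxprop instead" % " ".join(pwcheck)]
    offered = sorted({m.upper() for m in mech_list.split()} & SHARED_SECRET_MECHS)
    if offered:
        return ["pwcheck is %s but %s read auxprop directly"
                % (" ".join(pwcheck), ", ".join(offered))]
    return []


# Constructed sample configurations.
SPLIT = "sasl_pwcheck_method: saslauthd\nsasl_mech_list: PLAIN LOGIN DIGEST-MD5\n"
ONLY_PLAIN = "sasl_pwcheck_method: saslauthd\nsasl_mech_list: PLAIN LOGIN\n"
ALL_AUXPROP = "# everything in sasldb\nsasl_pwcheck_method: auxprop\n"

if __name__ == "__main__":
    for name, conf in (("split", SPLIT), ("plain-only", ONLY_PLAIN),
                       ("auxprop", ALL_AUXPROP)):
        print(name, audit(conf) or "coherent")
```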