suppressing DIGEST-MD5

Gary Mills mills at cc.UManitoba.CA
Fri Jul 18 12:51:30 EDT 2003

On Fri, Jul 18, 2003 at 04:29:57PM +0100, Phil Chambers wrote:
> How can I stop the Cyrus imapd from advertising DIGEST-MD5 and CRAM-MD5 in the 
> capabilities?
> I can't get Execmail or Mulberry to connect because they appear to see that 
> DIGEST-MD5 is available and trys that.  It fails, of course, because there is no 
> shared secret.

We use auto_transition to populate the shared secret database from
plain-text passwords.  This works reasonably well, although I'd prefer
another way to do it that is likely to continue to work.

Using both shared secrets and plain-text passwords introduces a
client/server interaction problem.  Many IMAP clients will not fall
back to plain-text authentication when the server advertizes the
shared secret mechanisms, but the specific user does not have a
shared secret.  The result is an impasse, since the user cannot
authenticate and also cannot set the shared secret.  My current
workaround is to modify the c-client library so that it will fall
back to plain-text passwords.

Suggestions on either of these issues would be welcome.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

More information about the Info-cyrus mailing list