suppressing DIGEST-MD5
Gary Mills
mills at cc.UManitoba.CA
Fri Jul 18 12:51:30 EDT 2003
On Fri, Jul 18, 2003 at 04:29:57PM +0100, Phil Chambers wrote:
> How can I stop the Cyrus imapd from advertising DIGEST-MD5 and CRAM-MD5 in the
> capabilities?
>
> I can't get Execmail or Mulberry to connect because they appear to see that
> DIGEST-MD5 is available and trys that. It fails, of course, because there is no
> shared secret.
We use auto_transition to populate the shared secret database from
plain-text passwords. This works reasonably well, although I'd prefer
another way to do it that is likely to continue to work.
Using both shared secrets and plain-text passwords introduces a
client/server interaction problem. Many IMAP clients will not fall
back to plain-text authentication when the server advertizes the
shared secret mechanisms, but the specific user does not have a
shared secret. The result is an impasse, since the user cannot
authenticate and also cannot set the shared secret. My current
workaround is to modify the c-client library so that it will fall
back to plain-text passwords.
Suggestions on either of these issues would be welcome.
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
More information about the Info-cyrus
mailing list