digest-md5 problems with imapd, saslauthd and openldap

Craig Ringer craig at postnewspapers.com.au
Thu Nov 6 23:12:34 EST 2003

>  * imapd falls back to using sasldb access if digest authentication
>    is tried

IMHO that calls for a FAQ entry. "I'm trying to use saslauthd, and cyrus 
keeps on complaining that it can't read the SASL db - what's wrong?".

>  * Getting sasl to use an auxprop method that calls an LDAP server is
>    possible, but tricky. Various patches exist, but are non trivial
>    to install and configure.

OK, I may be totally wrong here but I thought LDAP authentication was 
normally done by logging in to the LDAP server with the user's name and 
password. As such, you shouldn't have permission to read the user's 
password off the LDAP server. I guess you could add a user 'cyrus' to 
the LDAP server with permission to read passwords if you wanted to use 
digest authentication types, though.

>  * Not bother with digest authentication at all for now

I'd love to use it personally. I have concerns about giving read access 
to passwords to anything, though. Does anybody here have an opinion on 
kerberizing the network so that slapd, cyrus etc just use kerberos?

Craig Ringer

More information about the Info-cyrus mailing list