question on cyrus authentication

Erik Myllymaki erik.myllymaki at
Fri Jun 25 14:35:29 EDT 2004

Sebastian Hagedorn wrote:

> Hi,
> -- Erik Myllymaki <erik.myllymaki at> is rumored to have 
> mumbled on Freitag, 25. Juni 2004 7:49 Uhr -0700 regarding question on 
> cyrus authentication:
>> I have a mail server running Exim 4.21 and Cyrus 2.1.17.
>> I use sasldb2 for the passwords. This requires a client that knows
>> CRAM-MD5.
> why would you say that? Most mechanisms work with sasldb ... we don't 
> use Exim but Sendmail, but that shouldn't be relevant.
>> I have Exim setup to use the same sasldb2 database for SMTP
>> authentication, as well.
>> So far this has been fine because my clients have been *force-fed*
>> Thunderbird and Squirrelmail as clients and they both understand 
>> CRAM-MD5.
>> Now, I will have 30 more users moving over to this mail server, but they
>> ALL use Outlook Express, and I know that OE does not do CRAM-MD5.
>> Obviously I do not want to start using local user passwords AND sasldb2
>> passwords for all these users (and more to follow). Also, I have to make
>> a decision and deploy it by July 1st.
>> So, my options that I see are:
>> 1.   Force them all to use Thunderbird.
>> 2.   Use local user accounts and passwords for all of them and use 
>> TLS to
>> secure the PLAINTEXT logins. I already have TLS configured.
> You should do that anyway.
>> 3. *Somehow*, configure Cyrus and Exim to allow both PLAINTEXT over TLS
>> and CRAM-MD5 logins.
OK, I am now quite confused - just how are my users authenticating to 
/etc/sasldb2 ?

[erik at mail root]# saslauthd -v
saslauthd 2.1.17
authentication mechanisms: getpwent pam rimap shadow ldap

So no sasldb there...

[erik at mail root]# cat /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: root cyrus
sieveusehomedir: false
sievedir: /var/imap/sieve
allowanonymouslogin: no
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN RC4-MD5 CRAM-MD5
lmtp_allowplaintext: true
lmtp_downcase_rcpt: yes
tls_cert_file: /var/imap/server.pem
tls_ca_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

And here's how saslauthd is called:

ps ax:
 1259 ?        S      0:00 /usr/sbin/saslauthd -m /var/run/saslauthd/mux 
-a shadow

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list