marcw at onlymooo.com
Tue Sep 7 10:57:06 EDT 2004
On Tue, 2004-09-07 at 08:59, Alexander Dalloz wrote:
> Am Di, den 07.09.2004 schrieb Marc Williams um 4:22:
> > I changed out my imapd.conf so that sasl_mech_list now says "plain" and
> > guess what? It now works. Which I guess sort of answers the question
> > except it's a little disconcerting to know that imapd will handle pam
> > but timsieved won't. Especially since I figured "plain" wouldn't be
> > very good security. Maybe I'll just leave it at "plain" and throw the
> > whole thing behind SSL.
> No, it is not that imapd handles PAM and timsieved not.
I believe you. But that's certainly what it seems you are saying below.
> All services (IMAP, POP3, timsieve) are calling the saslauthd for
> authentication processes. Which MECH they are allowed to use is defined
> in the imapd.conf. The saslauthd is configured to use a specific
> "authentication mechanism". This can be PAM or, which is default on
> Fedora, the shadow file. Using PAM or shadow is in this default case the
> same. You have just to remark that you can only use PLAIN and LOGIN when
> checking the AUTH data against shadow. Other backends can handle MD5
I'm having a tough time wrapping my arms around this. But that's okay.
For the time being, I'm comfortable knowing that there's others who
don't suffer from such cognitive challenges and whose advise I will be
sure to heed. I'm also fairly certain that in time I'll "get it".
> Yes, if you use PLAIN I would too use TLS to let the AUTH data not go
> unencrypted through the net.
Already done. Since most of my apps are web enabled types, they get
thrown inside Apache. And Apache makes it quite easy with their virtual
hosts to do this. It seems to be working quite well so far. And if I
take them off of the web, there's still imaps so I think I'll be ok.
Thanks Alexander! Again!
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus