sieve problems
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Tue Sep 7 09:59:07 EDT 2004
Am Di, den 07.09.2004 schrieb Marc Williams um 4:22:
> I changed out my imapd.conf so that sasl_mech_list now says "plain" and
> guess what? It now works. Which I guess sort of answers the question
> except it's a little disconcerting to know that imapd will handle pam
> but timsieved won't. Especially since I figured "plain" wouldn't be
> very good security. Maybe I'll just leave it at "plain" and throw the
> whole thing behind SSL.
No, it is not that imapd handles PAM and timsieved not.
All services (IMAP, POP3, timsieve) are calling the saslauthd for
authentication processes. Which MECH they are allowed to use is defined
in the imapd.conf. The saslauthd is configured to use a specific
"authentication mechanism". This can be PAM or, which is default on
Fedora, the shadow file. Using PAM or shadow is in this default case the
same. You have just to remark that you can only use PLAIN and LOGIN when
checking the AUTH data against shadow. Other backends can handle MD5
MECHs.
Yes, if you use PLAIN I would too use TLS to let the AUTH data not go
unencrypted through the net.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 15:52:24 up 8 days, 13:09, load average: 0.19, 0.13, 0.06
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list