marcw at onlymooo.com
Mon Sep 6 23:25:49 EDT 2004
On Mon, 2004-09-06 at 21:07, Alexander Dalloz wrote:
> Am Di, den 07.09.2004 schrieb Marc Williams um 3:50:
> > Thanks for responding Alexander. I look forward to your posts in the FC
> > lists.
> Thanks :) You are welcome.
> > The entirety of my imapd.conf is as follows:
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: pam
> Hu? This can not work. So I wonder how you are able to authenticate with
> your IMAP/IMAPs client.
> > It's *almost* stock. As I recall, I changed "PLAIN" to "pam" and
> > commented hashimapspool. The mech listed in /etc/sysconfig/saslauthd is
> > "shadow" which shouldn't matter, I believe, since the sasl_mech_list in
> > imapd.conf would override.
> pam is no SASL MECH. With "sasl_mech_list" you have to have entries like
> "PLAIN" or "LOGIN" or "CRAM-MD5". That are MECHs. And the saslauthd,
> which comes with SASLv2, has different possibilities to contact which is
> holding the AUTH data. "saslauthd -v" shows you what is possible with
> your saslauthd. But that are not the MECHs.
Indeed, that's exactly where I came up with pam for a mech - doing the
"saslauthd -v" like the instructions said to (I don't recall which
instructions right now). I guess I'll have to dig a bit deeper to
discover why pam can't be a mech.
> In short: change "sasl_mech_list" back to "PLAIN" in the imapd.conf and
> things will work again after a service restart.
As you probably read by now, that's what I did. And it did.
My only concern at this point is whether or not the "plain" mech is
adequate security. Thanks!
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus