Murder without Kerberos?

Thu Jul 6 16:38:24 EDT 2006

I haven't tried it with 2.3.6, but PLAIN should work.

I would suggest starting with
sasl_mech_list: PLAIN

in all your imapd.conf files (make sure it says only PLAIN).

and make sure there is no
  force_sasl_client_mech
lines anywhere.

Then make sure you can use imtest (with -m PLAIN and -t ""  (for  
tls)) to connect to backends, and then see if the backends will  
communicate correctly.

-Patrick
On Jul 6, 2006, at 2:32 PM, Andrew Findlay wrote:

> On Thu, Jul 06, 2006 at 11:43:50AM -0400, Patrick Radtke wrote:
>
>> We use PLAIN to authenticate between all the machines in our murder.
>
> That is very interesting. I found that I had to enable MD5 because
> the backends (and mupdate?) would not accept lower-strength
> authentication. PLAIN would be preferable for several reasons.
>
>
>> What version of Cyrus are you using?
>
> 2.3.6
>
>> do you have a
>> sasl_mech_list:
>> line in your imapd.conf?
>
> That is commented out at the moment, to allow MD5. I started with
> PLAIN and LOGIN only.
>
>> Can you auth using imtest and DIGEST-MD5?
>
> Yes
>
>> Do you support other mechanisms for users?
>
> I would like to support PLAIN, LOGIN, and DIGEST-MD5, but the latter
> requires a plaintext password database so it will probably be judged
> too risky.
>
> Thanks
>
> Andrew
> -- 
> ---------------------------------------------------------------------- 
> -
> |                 From Andrew Findlay, Skills 1st  
> Ltd                 |
> | Consultant in large-scale systems, networks, and directory  
> services |
> |     http://www.skills-1st.co.uk/                +44 1628  
> 782565     |
> ---------------------------------------------------------------------- 
> -