offering limited pop access

Andreas Winkelmann ml at awinkelmann.de
Thu Oct 30 12:54:21 EDT 2008


On Thursday 30 October 2008 17:09:21, Wesley Craig wrote:

> I think the actual syntax would be:
>
> 	sasl_pop_pwcheck_method: auxprop
> 	sasl_pop_auxprop_plugin: sasldb
>
> The documentation (which needs improvement, and since you're getting
> free help on the cyrus list I hope you'll open a bugzilla with some
> suggested improvements) is mostly in the imapd.conf man page.  In
> particular:
>
>         sasl_option: 0
>              Any SASL option can be set by preceding it with "sasl_".
>              This file overrides the SASL configuration file.
>
> There are a couple of other examples, e.g.:
>
>         sasl_pwcheck_method: <none>
>              The mechanism used by the server to verify plaintext
>              passwords. Possible values include "auxprop",
>              "saslauthd", and "pwcheck".
>
> What's mentioned in the SASL documentation (which is considerably
> worse than the IMAP documentation, IMHO) is that you can put the
> service name between sasl_ and _option.  

No, the Service-Name is prepended before the complete Option. This means

servicename_sasl_option: ...

For example:

pop3_sasl_mech_list: PLAIN LOGIN

> Also missing is what Cyrus
> IMAP uses for the service names -- I looked in the code to decide
> that "pop" was probably right and "pop3" is probably wrong.

Service-Name itself is the given name of the Daemon from cyrus.conf. It is not 
the service Name from Cyrus-SASL. Separating Options between the Daemons is 
not a Cyrus-SASL Feature; it is a Cyrus-IMAP Feature. You can use it for other 
Options than Cyrus-SASL Options in imapd.conf, too.

...
pop3          cmd="pop3d" listen="pop3" prefork=0
...

Here it is "pop3". So Options for this Service begin with:

pop3_


> On 30 Oct 2008, at 06:42, Ian Eiloart wrote:
> > Can I ask how you discovered the "well hidden feature" of
> > imapd.conf? Is
> > there proper documentation for this anywhere?
> >
> > --On 29 October 2008 20:16:21 +0100 Andreas Winkelmann
> > <ml at awinkelmann.de> wrote:
> >> # SASL-Config only for pop3 Daemon
> >> pop3_sasl_pwcheck_method: auxprop
> >> pop3_sasl_auxprop_plugin: sasldb
> >> pop3_sasl_mech_list: plain login cram-md5 digest-md5

At the end, I would add another (and maybe the best) way. You (OP) can add the 
Servicename in the LDAP-Query from saslauthd with %s. So you only need to add 
something in the LDAP-Entry which includes the Service-Name. 

Here it is the Cyrus-SASL Service Name "imap", "pop", "sieve"...

--
Andreas
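
The prefix rule discussed in this message, as an added example that is not part of the original post and is not Cyrus code: a small checker that resolves the effective option for each daemon and flags `*_sasl_*` keys whose prefix is not a service name in cyrus.conf (such as a guessed "pop" when the daemon is named "pop3"). The sample files are constructed, the function names are hypothetical, and the parsing is a simplified assumption about both file formats.

```python
import re

# Constructed sample input; only the pop3_* lines and the pop3 service
# line mirror what is quoted in the thread.
CYRUS_CONF = '''
SERVICES {
  imap          cmd="imapd" listen="imap" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
}
'''
IMAPD_CONF = '''
sasl_pwcheck_method: saslauthd
# SASL config only for pop3 daemon
pop3_sasl_pwcheck_method: auxprop
pop3_sasl_auxprop_plugin: sasldb
pop3_sasl_mech_list: plain login cram-md5 digest-md5
pop_sasl_mech_list: PLAIN LOGIN
'''

def service_names(cyrus_conf):
    """Daemon names (first column) declared in the SERVICES block."""
    block = re.search(r'SERVICES\s*\{(.*?)\}', cyrus_conf, re.S)
    body = block.group(1) if block else ''
    return re.findall(r'^\s*([A-Za-z0-9]+)\s+cmd=', body, re.M)

def parse_options(imapd_conf):
    """Parse 'key: value' lines, skipping blanks and comments."""
    opts = {}
    for line in imapd_conf.splitlines():
        line = line.strip()
        if line and not line.startswith('#') and ':' in line:
            key, value = line.split(':', 1)
            opts[key.strip()] = value.strip()
    return opts

def effective(opts, service, option):
    """Assumed rule from the thread: servicename_option beats option."""
    return opts.get(service + '_' + option, opts.get(option))

def unmatched_prefixes(opts, services):
    """X_sasl_* keys whose X is not a daemon name from cyrus.conf."""
    hits = []
    for key in opts:
        m = re.match(r'(\w+?)_sasl_', key)
        if m and m.group(1) not in services:
            hits.append(key)
    return sorted(hits)
```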
