Greg A. Woods woods-cyrus at
Tue Jun 9 21:32:35 EDT 2009

At Tue, 09 Jun 2009 01:19:49 +0200, lists at wrote:
Subject: Re: Re: sasl_pwcheck_method
>  Dan White schrieb:
>  > When authenticating via CRAM-MD5, the pwcheck_method will be ignored. 
>  > Your chosen pwcheck_method should only be referenced when 
>  > authenticating 
>  > via a 'plaintext' authentication mechanism - LOGIN or PLAIN.
> Good to know. I must have omitted this part of the manual.:-)
>  > The fact 
>  > that mtest attempted to authenticate via CRAM-MD5 probably means that 
>  > you are advertising CRAM-MD5 support within imapd.conf.
> Actually cyrus seems to do that by his own!? Adding sasl_mech_list: PLAIN LOGIN to imapd.conf stops advertising it.

I've had the following in my template imapd.conf file for years now:

    # Use these SASL authentication mechanisms.
    # Don't use CRAM-MD5 or DIGEST-MD5 if you don't have a local sasldb
    # and you start saslauthd with "-a getpwent"
    # Don't use OTP or ANONYMOUS unless you really need them -- it causes some
    # clients to prefer it, such as "cyradm".
    # Don't put PLAIN before LOGIN -- it buggers Mozilla.
    sasl_mech_list: LOGIN PLAIN

I'm not sure why Mozilla was confused, or whether current versions would
still be confused, but suffice it to say that no current clients I've
encountered in relatively large user populations have had problems with
the order being "LOGIN PLAIN".

						Greg A. Woods

+1 416 218-0098                VE3TCP          RoboHack <woods at>
Planix, Inc. <woods at>      Secrets of the Weird <woods at>

More information about the Info-cyrus mailing list