Authentication questions

Dan White dwhite at
Wed Jun 27 17:26:28 EDT 2012

On 06/27/12 17:11 -0400, Rosenbaum, Larry M. wrote:
>I am currently running Cyrus IMAP 2.4.13-1.el6 on RHEL6. We currently have
>a bunch of IMAP user accounts that authenticate with plaintext+TLS using
>the system password data (saslauthd). We would like to add one POP3
>account that authenticates via APOP with no TLS (port 110) using the
>sasldb2 database. Ideally, we would also like the IMAP users to not be
>able to connect via POP.  How should I set this up?

If you are not currently using POP3, then when you add it to cyrus.conf,
you can specify unique sasl settings for it in /etc/imapd.conf, such as:

pop3_sasl_pwcheck_method: auxprop
#pop3_sasl_mech_list: (defaults to all mechanisms)
allowapop: 1

Where 'pop3' matches the name you provided to the service in cyrus.conf.
apop is a pseudo-authentication mechanism that is not specified in the

Dan White

More information about the Info-cyrus mailing list