different sasl_mech_lists for imap and http?

Pim Zandbergen pim at zandbergen.org
Thu Oct 11 13:13:42 EDT 2018


Is there a simple way to configure a different sasl_mech_list for imap 
and http?

I was allowing login, plain, cram-md5 and digest-md5 using sasldb, when 
I noticed digest-md5 is not working at all for http.
But it works fine for imap.

I started noticing this when it turned out iOS CalDAV/CardDAV clients 
could not authenticate.
iOS, once it sees digest-md5 offered, apparently will not fall back to 
other mechs.
Other *dav clients appear to be less picky, especially over SSL.
But other *dav clients will start to fail too, if digest-md5 is the only 
mech available.

Since I can't figure out what's wrong with my SASL setup, I'd like to 
disable digest-md5 for http,
but leave it enabled for imap where it works fine.

I'm using cyrus imap 3.0.8 on Fedora.


More information about the Info-cyrus mailing list