different sasl_mech_lists for imap and http?

Ken Murchison murch at fastmail.com
Thu Oct 11 13:28:39 EDT 2018


Yes.  Each option in imapd.conf can be prefixed with a service name from 
cyrus.conf.

So if your services are named 'imap' and 'http', use:

imap_sasl_mech_list

http_sasl_mech_list


Definitely don't rely on Digest for http.  Most implementations are 
either broken or incompatible.  I should have never attempted to make 
DIGEST-MD5 work for http.


On 10/11/18 1:13 PM, Pim Zandbergen wrote:
> Is there a simple way to configure a different sasl_mech_list for imap 
> and http?
>
> I was allowing login, plain, cram-md5 and digest-md5 using sasldb, 
> when I noticed digest-md5 is not working at all for http.
> But it works fine for imap.
>
> I started noticing this when it turned out iOS CalDAV/CardDAV clients 
> could not authenticate.
> iOS, once it sees digest-md5 offered, apparently will not fall back to 
> other mechs.
> Other *dav clients appear to be less picky, especially over SSL.
> But other *dav clients will start to fail too, if digest-md5 is the 
> only mech available.
>
> Since I can't figure out what's wrong with my SASL setup, I'd like to 
> disable digest-md5 for http,
> but leave it enabled for imap where it works fine.
>
> I'm using cyrus imap 3.0.8 on Fedora.

-- 
Ken Murchison
Cyrus Development Team
FastMail US LLC
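
Added example, not part of the message above or of Cyrus itself: a small check that resolves which sasl_mech_list each service ends up with when service-prefixed options are used, and flags any service that would still offer DIGEST-MD5. The sample imapd.conf text is constructed, the function names are hypothetical, and the service names 'imap' and 'http' are assumed to match the entries in cyrus.conf.

```python
# Constructed sample imapd.conf: global list plus an override for 'http'.
SAMPLE_IMAPD_CONF = """\
# default for every service without its own prefixed option
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
# prefix is the service name from cyrus.conf
http_sasl_mech_list: PLAIN LOGIN CRAM-MD5
"""


def parse_conf(text):
    """Parse 'option: value' lines; skip blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts


def effective_option(opts, service, option):
    """Service-prefixed option wins; otherwise use the unprefixed one."""
    return opts.get(f"{service.lower()}_{option}", opts.get(option))


def audit(text, services):
    """Return per-service mechanism list and whether DIGEST-MD5 is offered."""
    opts = parse_conf(text)
    report = {}
    for svc in services:
        value = effective_option(opts, svc, "sasl_mech_list")
        # No list configured means no restriction, so DIGEST-MD5 may be offered.
        mechs = value.upper().split() if value else None
        offers = mechs is None or "DIGEST-MD5" in mechs
        report[svc] = {"mechs": mechs, "offers_digest_md5": offers}
    return report


if __name__ == "__main__":
    for svc, info in audit(SAMPLE_IMAPD_CONF, ["imap", "http"]).items():
        print(svc, info)
```
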
