different sasl_mech_lists for imap and http?
Ken Murchison
murch at fastmail.com
Thu Oct 11 13:28:39 EDT 2018
Yes. Each option in imapd.conf can be prefixed with a service name from
cyrus.conf.
So if your services are named 'imap' and 'http', use:
imap_sasl_mech_list
http_sasl_mech_list
Definitely don't rely on Digest for http. Most implementations are
either broken or incompatible. I should have never attempted to make
DIGEST-MD5 work for http.
On 10/11/18 1:13 PM, Pim Zandbergen wrote:
> Is there a simple way to configure a different sasl_mech_list for imap
> and http?
>
> I was allowing login, plain, cram-md5 and digest-md5 using sasldb,
> when I noticed digest-md5 is not working at all for http.
> But it works fine for imap.
>
> I started noticing this when it turned out iOS CalDAV/CardDAV clients
> could not authenticate.
> iOS, once it sees digest-md5 offered, apparently will not fall back to
> other mechs.
> Other *dav clients appear to be less picky, especially over SSL.
> But other *dav clients will start to fail too, if digest-md5 is the
> only mech available.
>
> Since I can't figure out what's wrong with my SASL setup, I'd like to
> disable digest-md5 for http,
> but leave it enabled for imap where it works fine.
>
> I'm using cyrus imap 3.0.8 on Fedora.
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
--
Ken Murchison
Cyrus Development Team
FastMail US LLC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: murch.vcf
Type: text/x-vcard
Size: 4 bytes
Desc: not available
URL: <http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20181011/b546d2f4/attachment.vcf>
More information about the Info-cyrus
mailing list