different sasl_mech_lists for imap and http?

Pim Zandbergen pim at zandbergen.org
Thu Oct 11 13:50:46 EDT 2018 

Right, I tried that, but used the wrong prefix ("dav" instead of  "http").

So I would probably need to define imaps_sasl_mech_list and 
https_sasl_mech_list too.

Can I save one line by mixing prefixed  and non-prefixed options as a 
default? Like

sasl_mech_list: login plain cram-md5 digest-md5
http_sasl_mech_list: login plain cram-md5
https_sasl_mech_list: login plain cram-md5

Thanks, also for not to have to worry about digest-md5 not working.

On 11-10-2018 19:28, Ken Murchison wrote:
> Yes. Each option in imapd.conf can be prefixed with a service name 
> from cyrus.conf.
>
> So if your services are named 'imap' and 'http', use:
>
> imap_sasl_mech_list
>
> http_sasl_mech_list
>
>
> Definitely don't rely on Digest for http.  Most implementations are 
> either broken or incompatible.  I should have never attempted to make 
> DIGEST-MD5 work for http.
>
>
> On 10/11/18 1:13 PM, Pim Zandbergen wrote:
>> Is there a simple way to configure a different sasl_mech_list for 
>> imap and http?
>>
>> I was allowing login, plain, cram-md5 and digest-md5 using sasldb, 
>> when I noticed digest-md5 is not working at all for http.
>> But it works fine for imap.
>>
>> I started noticing this when it turned out iOS CalDAV/CardDAV clients 
>> could not authenticate.
>> iOS, once it sees digest-md5 offered, apparently will not fall back 
>> to other mechs.
>> Other *dav clients appear to be less picky, especially over SSL.
>> But other *dav clients will start to fail too, if digest-md5 is the 
>> only mech available.
>>
>> Since I can't figure out what's wrong with my SASL setup, I'd like to 
>> disable digest-md5 for http,
>> but leave it enabled for imap where it works fine.
>>
>> I'm using cyrus imap 3.0.8 on Fedora.
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

More information about the Info-cyrus mailing list