On 19/10/09 09:29 +1300, Raimund Eimann wrote:
I've tried to get Cyrus IMAP running using SASLDB2 for authentication on an openSuSE Box and failed miserably. Is there somewhere a simple step-by-step description on how to get this running? One question I have, for instance is: Do I need saslauthd? I have it installed, but I believe that I've read somewhere that it's not required.
Raimund, per the imapd.conf manpage (for 2.3.12), the default sasl configuration is: sasl_auto_transition: 0 sasl_maximum_layer: 256 sasl_minimum_layer: 0 sasl_option: 0 sasl_pwcheck_method: <none> sasl_mech_list: <none> (not documented) sasl_auxprop_plugin: <none> (not documented) If not specified, I believe sasl_pwcheck_method will use all available pwcheck methods (auxprop, saslauthd, and pwcheck). If not specified, sasl_mech_list will use all available authentication mechanisms, and if not specified sasl_auxprop_plugin will use all available auxprop plugins. sasldb is usually the only auxprop plugin installed, and so should be used by default to perform your authentication. saslauthd can be used in addition to your auxprop plugin, or instead of using your auxprop plugin depending on how you configured sasl_pwcheck_method. If you intend to use sasldb, then you can disable saslauthd. sasl_pwcheck_method only applies to the simple password based login methods: PLAIN LOGIN the Login command (rfc 3501, section 6.2.3) However, if you are using one of those methods to authenticate, be aware that cyrus imapd may not allow any login using the methods (without SSL/TLS or other encryption) if the 'allowplaintext' option (which is disabled by default) is not enabled. For DIGEST-MD5 and CRAM-MD5, your auxprop plugin (sasldb) will be used regardless of your pwcheck_method config. See: http://cyrusimap.web.cmu.edu/imapd/install-auth.html -- Dan White
