On Wed, Dec 05, 2007 at 09:26:58AM -0600, Dan White wrote: > The auxprop plugin gives you the ability to authenticate using > the PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5, NTLM and OTP mechs (and > probably more). > > saslauthd only gives you the ability to authenticate using PLAIN > and LOGIN (I believe), which may or may not be sufficient for you. Not true. pwcheck_method refers only to the /plaintext/ authentication method. That is, even with pwcheck_method: saslauthd, you can use any authentication method you wish. It's only that only the PLAIN and LOGIN (where LOGIN is not actually a sasl method but the IMAP LOGIN command) go through saslauthd. Other authentication methods use the corresponding sasl library plugins. I have a running Murder where all the murder-internal technical accounts are to be found in /etc/sasldb2, and authenticated to using DIGEST-MD5, whereas the "real" user accounts are authenticated using PLAIN/LOGIN and saslauthd->pam->pam-radius->radius. Frontends don't have the DIGEST-MD5 method enabled, so that clients won't try to authenticate using it. --Janne Peltonen Univ of Helsinki -- Janne Peltonen <janne.peltonen@xxxxxxxxxxx> ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
