At Tue, 09 Jun 2009 01:19:49 +0200, lists@xxxxxxxxxxxxxxx wrote:
Subject: Re: Re: sasl_pwcheck_method
>
> Dan White schrieb:
> > When authenticating via CRAM-MD5, the pwcheck_method will be ignored.
> > Your chosen pwcheck_method should only be referenced when
> > authenticating
> > via a 'plaintext' authentication mechanism - LOGIN or PLAIN.
>
> Good to know. I must have omitted this part of the manual.:-)
>
>
> > The fact
> > that mtest attempted to authenticate via CRAM-MD5 probably means that
> > you are advertising CRAM-MD5 support within imapd.conf.
>
> Actually cyrus seems to do that by his own!? Adding sasl_mech_list: PLAIN LOGIN to imapd.conf stops advertising it.
I've had the following in my template imapd.conf file for years now:
# Use these SASL authentication mechanisms.
#
# Don't use CRAM-MD5 or DIGEST-MD5 if you don't have a local sasldb
# and you start saslauthd with "-a getpwent"
#
# Don't use OTP or ANONYMOUS unless you really need them -- it causes some
# clients to prefer it, such as "cyradm".
#
# Don't put PLAIN before LOGIN -- it buggers Mozilla.
#
sasl_mech_list: LOGIN PLAIN
I'm not sure why Mozilla was confused, or whether current versions would
still be confused, but suffice it to say that no current clients I've
encountered in relatively large user populations have had problems with
the order being "LOGIN PLAIN".
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@xxxxxxxxxxx>
Planix, Inc. <woods@xxxxxxxxxx> Secrets of the Weird <woods@xxxxxxxxx>
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
