Yes. Each option in imapd.conf can be prefixed with a service name from
cyrus.conf.
So if your services are named 'imap' and 'http', use:
imap_sasl_mech_list
http_sasl_mech_list
Definitely don't rely on Digest for http. Most implementations are
either broken or incompatible. I should have never attempted to make
DIGEST-MD5 work for http.
On 10/11/18 1:13 PM, Pim Zandbergen wrote:
Is there a simple way to configure a different sasl_mech_list for imap
and http?
I was allowing login, plain, cram-md5 and digest-md5 using sasldb,
when I noticed digest-md5 is not working at all for http.
But it works fine for imap.
I started noticing this when it turned out iOS CalDAV/CardDAV clients
could not authenticate.
iOS, once it sees digest-md5 offered, apparently will not fall back to
other mechs.
Other *dav clients appear to be less picky, especially over SSL.
But other *dav clients will start to fail too, if digest-md5 is the
only mech available.
Since I can't figure out what's wrong with my SASL setup, I'd like to
disable digest-md5 for http,
but leave it enabled for imap where it works fine.
I'm using cyrus imap 3.0.8 on Fedora.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
--
Ken Murchison
Cyrus Development Team
FastMail US LLC
null
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
