>I noticed that when I do an imtest, this shows up:
>AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>
>should I expect an "AUTH=PAM" to be listed here?

nope. 
those AUTH capabilities are ways a client can talk to
SASL (via the imapd, of course) to hand it the password,
as opposed to what SASL uses to check the password
once it's gotten it from the client.

For me, shadow only worked when the shadow file was world readable, 
despite the cyrus user having group read permission on it. 
I also had the following in my imapd.conf:
sasl_minimum_layer: 0
allowplaintext:     yes

but if imtest works for you with sasldb, then I doubt the
config lines above will make a difference for you.

Earlier messages on this list had reported that PAM was case-sensitive,
but I think they indicated it needed to be all-caps, which is what you
seem to be using. 

I did find using sample-client and sample-server in the sasl package
that digest-md5 didn't work for my system, so I compiled sasl 
with that disabled in order to prevent clients from trying it. 

My system is debian as opposed to RH. 

good luck.

  --akb
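
The distinction drawn in the reply above, as an added example that is not part of the original message: AUTH= tokens name client-facing SASL mechanisms, while PAM, shadow and sasldb are ways of checking the password afterwards. It assumes general SASL behaviour: CRAM-MD5 and DIGEST-MD5 are challenge-response mechanisms that need the stored secret, so a backend that can only check a supplied password serves PLAIN/LOGIN only. The sample line is constructed from the tokens quoted in the question, and the backend names are used as labels, not as config values.

```python
# Added example. Mechanism classes reflect general SASL behaviour (assumption
# stated in the lead-in); backend names are labels taken from the message.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}              # client hands over the password itself
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}  # server must hold the secret
PASSWORD_CHECK_ONLY = {"pam", "shadow"}           # can only verify a supplied password

# Constructed sample, built from the AUTH= tokens quoted in the question.
SAMPLE = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5"


def advertised_mechs(capability_line):
    """Return the SASL mechanism names carried in AUTH= capability tokens."""
    return [tok[5:].upper() for tok in capability_line.split()
            if tok.upper().startswith("AUTH=")]


def login_command_allowed(capability_line):
    """RFC 3501: the plaintext LOGIN command is refused when LOGINDISABLED is listed."""
    return "LOGINDISABLED" not in (t.upper() for t in capability_line.split())


def usable_with(backend, capability_line):
    """List advertised mechanisms that the given verification backend can serve."""
    backend = backend.lower()
    mechs = advertised_mechs(capability_line)
    if backend in PASSWORD_CHECK_ONLY:
        return [m for m in mechs if m in PLAINTEXT_MECHS]
    if backend == "sasldb":
        return [m for m in mechs if m in PLAINTEXT_MECHS | SHARED_SECRET_MECHS]
    raise ValueError("unknown backend label: " + backend)


if __name__ == "__main__":
    print("advertised:", advertised_mechs(SAMPLE))
    for name in ("PAM", "shadow", "sasldb"):
        print(name, "can serve:", usable_with(name, SAMPLE))
    print("LOGIN command allowed:", login_command_allowed(SAMPLE))
```

With only shared-secret mechanisms advertised, a PAM or shadow check is reachable only through a plaintext path such as the LOGIN command, which is why no "AUTH=PAM" token ever appears.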
