A trick with SASL if you don't use the /etc/sasldb stuff is to compile with "--with-dblib=none" and it will remove the sasl secrets database code entirely.. We only use Kerberos so we didn't need any of the /etc/sasldb stuff either.
[EMAIL PROTECTED] wrote: > > Robert Scussel schrieb am Wed, Dec 12, 2001 at 09:51:21PM -0500: > * Thanks, first of all for the help getting cyrus working with > * saslauthd-pam... > * > * I have been trying for days now to get the latest IMP(3.0) with the > * latest Horde(2.0) to work with cyrus. The problem now is that imp tries > * to use the protocol imap to logon, which then tries to logon via > * > * CRAM-MD5, sasldb2, and even kerberos > * > * It doesn't appear to try pam/plain/saslauthd login. > > Most webmailers I saw (e.g. aeromail, twig) did a CAPABILITY upon connect > and tried to do the most secure authentication first. So if your server > lists CRAM-MD5 in its capability list, the webmailer will try that before > trying PLAIN. > > We debugged this down to the code of imap-2001 which is the library that > is mostly used by PHP for IMAP issues. So if you set up a PHP webmailer, > you can't help this behaviour because its hardcoded into the lib. > > We finally did a very nasty workaround: As we use LDAP-via-PAM as authen- > tication backend, we do not need the sasldb - and when completely removing > /etc/sasldb, Cyrus IMAP stops sending CRAM-MD5 in its capability list. > > - Birger
