On Fri, 3 Jan 2003, Martin Y. Chiu wrote: > After reading some document and tracing some code of imapd2 and > sasl, I found that cyrus-imapd2 use the different authentication > method with IMAP 'LOING' and 'AUTHENTICATE' command. LOGIN uses > sasl_checkpass() and AUTHENTICATE uses sasl_server_start() and > sasl_server_step() to authentication. This two method may use the > difference user database -- sasl_checkpass() uses saslauthd and > sasl_server_step() uses sasldb2, am I right ?
Yes and no. sasl_checkpass can use saslauthd or an auxprop database (based on pwcheck_method). Depending on mechanism, they may also use sasl_checkpass, or they may need to access a database directly. In the case of PLAIN and LOGIN, they just do a sasl_checkpass internally. DIGEST-MD5, CRAM-MD5, etc, all need the plaintext password. > This may cause some problem that PHP with cclinet-2002, and it > trys to use AUTHENTICATE but Outlook Express can use only LOGIN. I don't see a problem. > Is there any way I can change this behavior or correct method to > setup Cyrus-imapd2 with coherent user database ? Either only allow LOGIN and PLAIN SASL mechanisms, or use the sasldb/mysql database with a pwcheck method of "auxprop" -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
