* imapd falls back to using sasldb access if digest authentication is tried
IMHO that calls for a FAQ entry. "I'm trying to use saslauthd, and cyrus keeps on complaining that it can't read the SASL db - what's wrong?".
* Getting sasl to use an auxprop method that calls an LDAP server is possible, but tricky. Various patches exist, but are non trivial to install and configure.
OK, I may be totally wrong here but I thought LDAP authentication was normally done by logging in to the LDAP server with the user's name and password. As such, you shouldn't have permission to read the user's password off the LDAP server. I guess you could add a user 'cyrus' to the LDAP server with permission to read passwords if you wanted to use digest authentication types, though.
* Not bother with digest authentication at all for now
I'd love to use it personally. I have concerns about giving read access to passwords to anything, though. Does anybody here have an opinion on kerberizing the network so that slapd, cyrus etc just use kerberos?
Craig Ringer
