On Mon, 2004-09-06 at 21:07, Alexander Dalloz wrote: > Am Di, den 07.09.2004 schrieb Marc Williams um 3:50: > > > Thanks for responding Alexander. I look forward to your posts in the FC > > lists. > > Thanks :) You are welcome. > > > The entirety of my imapd.conf is as follows: > > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: pam > ^^^^^^^ > > Hu? This can not work. So I wonder how you are able to authenticate with > your IMAP/IMAPs client. > > > It's *almost* stock. As I recall, I changed "PLAIN" to "pam" and > > commented hashimapspool. The mech listed in /etc/sysconfig/saslauthd is > > "shadow" which shouldn't matter, I believe, since the sasl_mech_list in > > imapd.conf would override. > > pam is no SASL MECH. With "sasl_mech_list" you have to have entries like > "PLAIN" or "LOGIN" or "CRAM-MD5". That are MECHs. And the saslauthd, > which comes with SASLv2, has different possibilities to contact which is > holding the AUTH data. "saslauthd -v" shows you what is possible with > your saslauthd. But that are not the MECHs. > Indeed, that's exactly where I came up with pam for a mech - doing the "saslauthd -v" like the instructions said to (I don't recall which instructions right now). I guess I'll have to dig a bit deeper to discover why pam can't be a mech.
> In short: change "sasl_mech_list" back to "PLAIN" in the imapd.conf and > things will work again after a service restart. As you probably read by now, that's what I did. And it did. My only concern at this point is whether or not the "plain" mech is adequate security. Thanks! --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
