Am Di, den 07.09.2004 schrieb Marc Williams um 4:22: > I changed out my imapd.conf so that sasl_mech_list now says "plain" and > guess what? It now works. Which I guess sort of answers the question > except it's a little disconcerting to know that imapd will handle pam > but timsieved won't. Especially since I figured "plain" wouldn't be > very good security. Maybe I'll just leave it at "plain" and throw the > whole thing behind SSL.
No, it is not that imapd handles PAM and timsieved not. All services (IMAP, POP3, timsieve) are calling the saslauthd for authentication processes. Which MECH they are allowed to use is defined in the imapd.conf. The saslauthd is configured to use a specific "authentication mechanism". This can be PAM or, which is default on Fedora, the shadow file. Using PAM or shadow is in this default case the same. You have just to remark that you can only use PLAIN and LOGIN when checking the AUTH data against shadow. Other backends can handle MD5 MECHs. Yes, if you use PLAIN I would too use TLS to let the AUTH data not go unencrypted through the net. Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 15:52:24 up 8 days, 13:09, load average: 0.19, 0.13, 0.06 --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
