El 9/5/25 a les 14:55, Rainer Ruprechtsberger
([email protected]) ha escrit:
But: how to deal with IMPAP? Without a password login the SOGo
application can't use this to log in.
Ideally I would use a client cert + username/password for IMAP (cyrus
would support this, basically every client is able to do that as well).
Is there any clever way / setup that I'm missing?
It's not clever and I'm not sure it's a good idea, but I have configured
a second instance of imapd, only available to SOGo, that doesn't need a
password, i.e. in cyrus.conf
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0
maxchild=100
localimap cmd="imapd -U 30 -C /etc/imapd-nopasswd.conf"
listen=1143 prefork=0 maxchild=100
(I don't listen on localhost because SOGo is on a different virtual
machine, but I have firewall rules to block other connections).
imaps uses /etc/imapd.conf, localimap uses /etc/imapd-nopasswd.conf.
I keep the main configuration in /etc/imapd-common.conf (because I
cannot include imapd.conf in imapd-nopasswd.conf and simply override the
options, if cyrus see that there are repeated options it wouldn't
start), then in imapd.conf I have
@include: /etc/imapd-common.conf
sasl_pwcheck_method: auxprop saslauthd
and in imapd-nopasswd.conf
@include: /etc/imapd-common.conf
sasl_pwcheck_method: alwaystrue
Bye
--
Luca Olivetti
Tel. +34 935883004 Ext. 3010
https://wetron.es
https://wecobots.com
