Eric S. Johansson schrieb am Tue, Apr 30, 2002 at 08:43:14AM -0400: > On Tue, 30 Apr 2002 02:21:23 -0400 (EDT) Rob Siemborski <[EMAIL PROTECTED]> wrote: > > RS> On Mon, 29 Apr 2002, David Wright wrote: > RS> > RS> > > sasl_pwcheck_method: saslauthd > RS> > > RS> > You want: > RS> > > RS> > sasl_pwcheck_method: PAM > RS> > RS> SASLv2 does not support this option (which is what David is using), > RS> saslauthd is the correct option (and running saslauthd -a pam). > RS> > RS> > Go on from there, and come back when you encounter the SASL re-entrancy > RS> bug. > RS> > RS> saslauthd naturally negates any reentrancy issues. > > ok I tried it and I get the same result as before. > > Apr 30 08:35:33 mail imapd[18663]: no secret in database > Apr 30 08:35:33 mail imapd[18663]: badlogin: relay.andrewandsons.com[192.168.255.1] >CRAM-MD5 [SASL(-13): user not found: no secret in database] > Apr 30 08:35:36 mail imapd[18663]: no secret in database > Apr 30 08:35:36 mail imapd[18663]: badlogin: relay.andrewandsons.com[192.168.255.1] >CRAM-MD5 [SASL(-13): user not found: no secret in database] > Apr 30 08:35:39 mail imapd[18663]: no secret in database > Apr 30 08:35:39 mail imapd[18663]: badlogin: relay.andrewandsons.com[192.168.255.1] >CRAM-MD5 [SASL(-13): user not found: no secret in database] > > > I tried starting up saslauthd with -a PAM as well as -a getpwent options. I get > the same result.
Naturally, as CRAM-MD5, DIGEST-MD5 and the like won't work with pam. PLAIN and LOGIN are the only mechanisms that will work with pam because they do not require access to the cleartext password. If your client gets confused by imapd's CAPABILITY announcement (always try- ing to do CRAM-MD5 because its advertised), delete /etc/sasldb, imapd will then stop announcing them. Regards, Birger
