From: OpenMacNews (cyrus-sasl dot 20 dot openmacnews at spamgourmet dot com)
Date: Thu Nov 11 2004 - 18:32:58 EST
i've recently built up:
on OSX 10.3.6.
(a) i've set up for sealed-only virtual domains & accounts.
(b) sasl's been patched to support crypt'd sql passwords via PLAIN auth with Brane Gračnar's patches @ http://frost.ath.cx/software/cyrus-sasl-patches/ :
(c) i've added:
password_format: crypt # to smtpd.conf
sasl_password_format: crypt # to imapd.conf
(d) i'm front-ending with web-cyradm, using encrypted pwds in mysql
(e) i'm using auxprop+sql for pwdcheck method directly, circumventing saslauthd and/or sasldb.
now, at the moment, my imap client (Mulberry4a3, fwiw) is authenticating via PLAIN over TLSv1 -- or without TLS, of course -- without any problems.
if, however, i enable CRAM-MD5 & DIGEST-MD5 auth mechs in imapd.conf & smtpd.conf, and attempt to login via imap client, i get a "NO authenitcation" error in the client, and
imap: badlogin: testserver.internal.testdomain.com [10.0.0.6] CRAM-MD5 [SASL(-13): authentication failure: incorrect digest response]
in my cyrus log.
now, IIUC, this may not be a surprise to some, as -- apparently -- use of cyrus secret-based auth requires pwds to be plaintext (i'm fuzzy on the why ..).
workarounds seemingly include using courier's authdaemond, but that's not my goal ...
(1) what needs to change in Cyrus in order to enable secret-based auth using
i presume SOMETHING needs to be patched ...
(2) does a patch for this exist already? if so, can someone here provide
a pointer URL?
given what i've read online, storing NOTHING in plaintext is a fairly
common policy, and use of mysql in this scenario is broadening ... so i'd
propose that it's not unreasonable that others would like to see such a
solution as well.
(3) what will it take to get such support built directly into Cyrus?
the Cyrus maintainers suggested that i put this forth _here_ on the list, and that sufficient discussion _might_ raise this on their priority list (it's apparently not that high, at the moment ...)
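
Added example (not part of the original post, and not Cyrus SASL code): a sketch of why PLAIN can be checked against a one-way password hash while CRAM-MD5 (RFC 2195) ends in "incorrect digest response". Assumptions: PBKDF2 stands in for crypt(3), and the function names, password, salt and challenge are constructed for illustration.

```python
import hashlib
import hmac


def one_way_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for a crypt(3)-style stored value: salted and not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    # RFC 2195: hex HMAC-MD5 over the server challenge, keyed with the shared secret.
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def verify_plain(stored_hash: bytes, salt: bytes, presented_password: str) -> bool:
    # PLAIN: the client sends the password itself, so the server can re-hash
    # it with the stored salt and compare against the stored value.
    return hmac.compare_digest(one_way_hash(presented_password, salt), stored_hash)


def verify_cram_md5(server_secret: bytes, challenge: bytes, client_response: str) -> bool:
    # CRAM-MD5: the password never crosses the wire. The server must compute
    # the same HMAC itself, which needs the same key the client used.
    expected = cram_md5_response(server_secret, challenge)
    return hmac.compare_digest(expected, client_response)


def demo() -> dict:
    password = "constructed-example-pw"                   # constructed sample
    salt = b"constructed-salt"                            # constructed sample
    challenge = b"<1896.697170952@testserver.example>"    # constructed sample
    stored = one_way_hash(password, salt)                 # what the SQL row would hold

    # The client keys the HMAC with the real password.
    client_response = cram_md5_response(password.encode(), challenge)

    return {
        # PLAIN against the hashed column succeeds.
        "plain_vs_hash": verify_plain(stored, salt, password),
        # CRAM-MD5 succeeds only when the server holds the plaintext secret.
        "cram_vs_plaintext": verify_cram_md5(password.encode(), challenge, client_response),
        # With only the hash available, the server keys the HMAC with a
        # different value than the client did, so the digests cannot match.
        "cram_vs_hash": verify_cram_md5(stored, challenge, client_response),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```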