Hello Andreas,
Andreas Metzler, 22.04.2006 (d.m.y):
> Christian Schmidt <christian@???> wrote:
>
> > I first tried it using:
>
> > sasl_cram_md5:
> > driver = cyrus_sasl
> > public_name = CRAM-MD5
> > server_realm = server.linau.de
> > server_set_id = $2
>
> CRAM-MD5 requires that the server knows the clear-text password. If you
> are using PAM this is probably not the case and therefore cannot work.

Ah, that wasn't clear to me.

> > sasl_plain:
> > driver = cyrus_sasl
> > public_name = PLAIN
> > server_realm = server.linau.de
> > server_set_id = $2
>
> > This did not work. I always got an error "535 Incorrect authentication
> > data".
>
> <quote>
> Where access to some kind of secret file is required, for example in
> GSSAPI or CRAM-MD5, it is worth noting that the authenticator runs as
> the Exim user, and that the Cyrus SASL library has no way of
> escalating privileges by default. You may also find you need to set
> environment variables, depending on the driver you are using.
> <unquote>
>
> I /guess/ this also applies to reading data from /etc/shadow.

When using saslauthd, there is no need for exim to access "some kind
of secret file", because this is saslauthd's part.
Or did I get that completely wrong?

But what I didn't yet understand is what the differences between the
following two authenticators are:

saslauthd_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if saslauthd{{$2}{$3}}{True}{False}}

sasl_plain:
  driver = cyrus_sasl
  public_name = PLAIN
  server_realm = server.linau.de
  server_set_id = $2

Or in other words: The first authenticator checks the authentication
data by doing a "saslauthd query". And the second one?

My (maybe wrong) imagination has been that the cyrus_sasl driver in
the second authenticator also queries saslauthd.
(I'm not yet familiar with Cyrus IMAPd, but at the moment I think that
Cyrus IMAP authentication works the same way.)

Regards,
Christian
--
Joey, go on, clone yourself!
-- Karsten Droste
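
Added example (not part of the original message, and not Exim or Cyrus SASL code): a sketch of the point quoted above that CRAM-MD5 needs the server to hold the password itself, while PLAIN can be checked against a one-way hash. All names, the PBKDF2 stand-in for a PAM/shadow hash, and the sample user, password and challenge are constructed assumptions.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge):
    # Client (RFC 2195): sends an HMAC of the server's challenge, never the password.
    mac = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(user.encode() + b" " + mac.encode())

def verify_cram_md5(response, challenge, secret_for):
    # Server: must recompute the same HMAC, so it needs the shared secret itself.
    user, _, mac = base64.b64decode(response).decode().rpartition(" ")
    secret = secret_for(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, mac)

def one_way(password, salt):
    # Assumption: PBKDF2 stands in for the one-way hash a PAM/shadow backend stores.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def verify_plain(message, hash_for):
    # PLAIN (RFC 4616): authzid NUL authcid NUL password, sent as-is, so it can be hashed and compared.
    parts = base64.b64decode(message).split(b"\0")
    if len(parts) != 3:
        return False
    entry = hash_for(parts[1].decode())
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(one_way(parts[2], salt), stored)

# Constructed sample data (not from the original message).
PASSWORD = b"example-passw0rd"
SALT = b"constructed-salt"
CHALLENGE = b"<1234.1145700000@mail.example>"
CLEARTEXT_DB = {"alice": PASSWORD}                      # secret store usable by CRAM-MD5
HASHED_DB = {"alice": (SALT, one_way(PASSWORD, SALT))}  # what a hash-only backend holds

def demo():
    cram = cram_md5_response("alice", PASSWORD, CHALLENGE)
    hash_as_secret = lambda u: HASHED_DB[u][1] if u in HASHED_DB else None
    return {
        "cram_cleartext_store": verify_cram_md5(cram, CHALLENGE, CLEARTEXT_DB.get),
        "cram_hash_only_store": verify_cram_md5(cram, CHALLENGE, hash_as_secret),
        "plain_hash_only_store": verify_plain(base64.b64encode(b"\0alice\0" + PASSWORD), HASHED_DB.get),
        "plain_wrong_password": verify_plain(base64.b64encode(b"\0alice\0wrong"), HASHED_DB.get),
    }
```

The three NUL-separated PLAIN fields are what Exim's plaintext driver exposes as $1, $2 and $3, which is why the saslauthd_plain authenticator above passes {$2}{$3} to the saslauthd condition.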