[imp] Re: IMP and Cyrus - unencrypted login to localhost
impossible?
Michael Sims
mhsims@midsouth.rr.com
Thu Nov 21 07:43:17 2002
On Thu, 21 Nov 2002 08:20:44 +0100 (CET), you wrote:
>I have come to another conclusion: IMP (PHP) asks the server of known =
auth
>mechs. Since CRAM-MD5 is stronger than plain, it doesn't use plain. I'll
>try to disable other auth mechs an the cyrus server, but it is bad
>nevertheless.
The SASL documentation does state that you should disable the auth
mechanisms that you don't plan to use. I used the following configure
commands when building SASL and Cyrus IMAPD:
SASL:
./configure --disable-krb4 --disable-gssapi --disable-cram \
--disable-digest
IMAPD:
./configure --with-auth=unix
I use saslauthd/PAM (using pam_ldap && nss_ldap) and it works fine
from PHP over either IMAP or IMAPS.
More information about the imp
mailing list