Sam Varshavchik wrote: > Bowie Bailey writes: > >> Sam Varshavchik wrote: >>> Bowie Bailey writes: >>>> >>>> Interesting. I verified that CRAM authentication was failing on >>>> both of my Courier systems. Disabling it made them both much more >>>> responsive. >>>> >>>> What additional requirements does CRAM have? I looked in the >>>> INSTALL document, the courier man page, and the esmtpd config >>>> file. None of them said anything other than that you have to use a >>>> compatible authentication method, which I am (authuserdb). >>> >>> It helps to actually understand how CRAM works. CRAM cannot use >>> encrypted passwords, so the system must be configured to use >>> cleartext passwords. Additionally, there's a special configuration >>> procedure for userdb. >>> >>> Courier-IMAP's INSTALL has a section entitled "CRAM-MD5 >>> authentication". This should also be present in Courier's INSTALL, >>> but it's not. That's an omission. >> >> Unfortunately, it is not feasible to change all of the passwords on >> the server at this point, so I don't think we'll be able to set up >> CRAM authentication anytime soon. >> >> I read the Courier-IMAP INSTALL doc and it seems fairly >> straightforward. Perhaps a modified version should be added to the >> main Courier INSTALL. Also, should Courier ship with CRAM disabled >> as Courier-IMAP apparently does? > > It should be, and I'm pretty sure it is. > > IMAP_CAPABILITY in imapd.dist.in, the shipped configuration, does not > list CRAM. The comments that precede the documentation have an example > that includes CRAM methods, but the actual default setting does not. > Same for POP3AUTH in pop3d.dist.in, and ESMTPAUTH in esmtpd.dist.in. > As far as I can tell, CRAM authentication is disabled by default.
Actually, now that I look at it, it appears to ship with all authentication disabled. In order to enable it, you have to change the ESMTPAUTH settings. esmtpd.dist: ------------------------------------------------ ##NAME: ESMTPAUTH:4 # # To enable authenticated SMTP relaying, uncomment the ESMTPAUTH setting, # below, and set it to ESMTP authentication mechanisms we support. Currently # LOGIN and CRAM-MD5 are available: # # ESMTPAUTH="LOGIN CRAM-MD5" # # You can also try PLAIN, CRAM-SHA1, and CRAM-SHA256. See INSTALL for more # information. # ESMTPAUTH="" ------------------------------------------------ Based on this, someone who knows nothing about the inner workings of these authentication methods (i.e., me), would conclude that they should follow the example given and use LOGIN and CRAM-MD5. There should probably be a note here saying that additional configuration may be needed in order to use CRAM-MD5 authentication. -- Bowie ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
